Vulnerabilities > Linuxfoundation > Onnx > 1.13.0

DATE CVE VULNERABILITY TITLE RISK
2024-02-23 CVE-2024-27318 Path Traversal vulnerability in multiple products
Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory.
network
low complexity
linuxfoundation fedoraproject CWE-22
7.5
2024-02-23 CVE-2024-27319 Out-of-bounds Read vulnerability in multiple products
Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the ONNX_ASSERT and ONNX_ASSERTM functions have an off by one string copy.
network
low complexity
linuxfoundation fedoraproject CWE-125
critical
9.1