Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by combust
CVE-2023-5245 (GCVE-0-2023-5245)
Vulnerability from nvd – Published: 2023-11-15 12:52 – Updated: 2024-08-02 07:52
VLAI
Title
Using MLeap for loading a saved model (zip archive) can lead to path traversal/arbitrary file creation and possibly remote code execution.
Summary
FileUtil.extract() enumerates all zip file entries and extracts each file without validating whether file paths in the archive are outside the intended directory.
When creating an instance of TensorflowModel using the saved_model format and an exported tensorflow model, the apply() function invokes the vulnerable implementation of FileUtil.extract().
Arbitrary file creation can directly lead to code execution
Severity
7.5 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/combust/mleap/pull/866#issueco… | patch |
| https://research.jfrog.com/vulnerabilities/mleap-… | third-party-advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:52:08.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/combust/mleap/pull/866#issuecomment-1738032225"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://research.jfrog.com/vulnerabilities/mleap-path-traversal-rce-xray-532656/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://mvnrepository.com",
"packageName": "ml.combust.mleap.mleap-tensorflow",
"versions": [
{
"lessThan": "0.23.1",
"status": "affected",
"version": "0.18.0",
"versionType": "maven"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eFileUtil.extract() enumerates all zip file entries and extracts each file without validating whether file paths in the archive are outside the intended directory.\u003c/p\u003e\u003cp\u003eWhen creating an instance of TensorflowModel using the saved_model format and an exported tensorflow model, the apply() function invokes the vulnerable implementation of FileUtil.extract().\u003c/p\u003e\u003cp\u003eArbitrary file creation can directly lead to code execution\u003c/p\u003e"
}
],
"value": "FileUtil.extract() enumerates all zip file entries and extracts each file without validating whether file paths in the archive are outside the intended directory.\n\nWhen creating an instance of TensorflowModel using the saved_model format and an exported tensorflow model, the apply() function invokes the vulnerable implementation of FileUtil.extract().\n\nArbitrary file creation can directly lead to code execution"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T00:27:54.327Z",
"orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"shortName": "JFROG"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/combust/mleap/pull/866#issuecomment-1738032225"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://research.jfrog.com/vulnerabilities/mleap-path-traversal-rce-xray-532656/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Using MLeap for loading a saved model (zip archive) can lead to path traversal/arbitrary file creation and possibly remote code execution."
}
},
"cveMetadata": {
"assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"assignerShortName": "JFROG",
"cveId": "CVE-2023-5245",
"datePublished": "2023-11-15T12:52:18.656Z",
"dateReserved": "2023-09-28T06:08:57.423Z",
"dateUpdated": "2024-08-02T07:52:08.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5245 (GCVE-0-2023-5245)
Vulnerability from cvelistv5 – Published: 2023-11-15 12:52 – Updated: 2024-08-02 07:52
VLAI
Title
Using MLeap for loading a saved model (zip archive) can lead to path traversal/arbitrary file creation and possibly remote code execution.
Summary
FileUtil.extract() enumerates all zip file entries and extracts each file without validating whether file paths in the archive are outside the intended directory.
When creating an instance of TensorflowModel using the saved_model format and an exported tensorflow model, the apply() function invokes the vulnerable implementation of FileUtil.extract().
Arbitrary file creation can directly lead to code execution
Severity
7.5 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/combust/mleap/pull/866#issueco… | patch |
| https://research.jfrog.com/vulnerabilities/mleap-… | third-party-advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:52:08.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/combust/mleap/pull/866#issuecomment-1738032225"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://research.jfrog.com/vulnerabilities/mleap-path-traversal-rce-xray-532656/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://mvnrepository.com",
"packageName": "ml.combust.mleap.mleap-tensorflow",
"versions": [
{
"lessThan": "0.23.1",
"status": "affected",
"version": "0.18.0",
"versionType": "maven"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eFileUtil.extract() enumerates all zip file entries and extracts each file without validating whether file paths in the archive are outside the intended directory.\u003c/p\u003e\u003cp\u003eWhen creating an instance of TensorflowModel using the saved_model format and an exported tensorflow model, the apply() function invokes the vulnerable implementation of FileUtil.extract().\u003c/p\u003e\u003cp\u003eArbitrary file creation can directly lead to code execution\u003c/p\u003e"
}
],
"value": "FileUtil.extract() enumerates all zip file entries and extracts each file without validating whether file paths in the archive are outside the intended directory.\n\nWhen creating an instance of TensorflowModel using the saved_model format and an exported tensorflow model, the apply() function invokes the vulnerable implementation of FileUtil.extract().\n\nArbitrary file creation can directly lead to code execution"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T00:27:54.327Z",
"orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"shortName": "JFROG"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/combust/mleap/pull/866#issuecomment-1738032225"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://research.jfrog.com/vulnerabilities/mleap-path-traversal-rce-xray-532656/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Using MLeap for loading a saved model (zip archive) can lead to path traversal/arbitrary file creation and possibly remote code execution."
}
},
"cveMetadata": {
"assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"assignerShortName": "JFROG",
"cveId": "CVE-2023-5245",
"datePublished": "2023-11-15T12:52:18.656Z",
"dateReserved": "2023-09-28T06:08:57.423Z",
"dateUpdated": "2024-08-02T07:52:08.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}