Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal because the external_data field of the tensor proto can contain a path to a file outside the model's current directory or the user-provided directory. The vulnerability is a bypass of the patch added for CVE-2022-25882.
References
- https://security.snyk.io/vuln/SNYK-PYTHON-ONNX-2395479
Affected products
- =<1.15.0
Matching in nixpkgs
pkgs.onnxruntime
Cross-platform, high performance scoring engine for ML models
- nixos-unstable -
- nixpkgs-unstable 1.22.2
pkgs.python312Packages.onnx
Open Neural Network Exchange
- nixos-unstable -
- nixpkgs-unstable 1.19.0
pkgs.python313Packages.onnx
Open Neural Network Exchange
- nixos-unstable -
- nixpkgs-unstable 1.19.0
pkgs.python312Packages.tf2onnx
Convert TensorFlow, Keras, Tensorflow.js and Tflite models to ONNX
- nixos-unstable -
- nixpkgs-unstable tf2onnx-1.16.1
pkgs.python312Packages.onnxslim
Toolkit to Help Optimize Onnx Model
- nixos-unstable -
- nixpkgs-unstable 0.1.68
pkgs.python312Packages.skl2onnx
Convert scikit-learn models to ONNX
- nixos-unstable -
- nixpkgs-unstable skl2onnx-1.19.1
pkgs.python313Packages.onnxslim
Toolkit to Help Optimize Onnx Model
- nixos-unstable -
- nixpkgs-unstable 0.1.68
pkgs.python313Packages.skl2onnx
Convert scikit-learn models to ONNX
- nixos-unstable -
- nixpkgs-unstable skl2onnx-1.19.1
pkgs.python312Packages.onnxmltools
ONNXMLTools enables conversion of models to ONNX
- nixos-unstable -
- nixpkgs-unstable 1.14.0
pkgs.python312Packages.onnxruntime
Cross-platform, high performance scoring engine for ML models
- nixos-unstable -
- nixpkgs-unstable 1.22.2
pkgs.python312Packages.paddle2onnx
ONNX Model Exporter for PaddlePaddle
- nixos-unstable -
- nixpkgs-unstable paddle2onnx-2.0.1
pkgs.python313Packages.onnxmltools
ONNXMLTools enables conversion of models to ONNX
- nixos-unstable -
- nixpkgs-unstable 1.14.0
pkgs.python313Packages.onnxruntime
Cross-platform, high performance scoring engine for ML models
- nixos-unstable -
- nixpkgs-unstable 1.22.2
pkgs.python312Packages.onnxruntime-tools
Transformers Model Optimization Tool of ONNXRuntime
- nixos-unstable -
- nixpkgs-unstable 1.7.0
pkgs.python313Packages.onnxruntime-tools
Transformers Model Optimization Tool of ONNXRuntime
- nixos-unstable -
- nixpkgs-unstable 1.7.0
pkgs.python312Packages.onnxconverter-common
ONNX Converter and Optimization Tools
- nixos-unstable -
- nixpkgs-unstable 0.16.0
pkgs.python312Packages.rapidocr-onnxruntime
Cross platform OCR Library based on OnnxRuntime
- nixos-unstable -
- nixpkgs-unstable 1.4.4
pkgs.python313Packages.onnxconverter-common
ONNX Converter and Optimization Tools
- nixos-unstable -
- nixpkgs-unstable 0.16.0
pkgs.python313Packages.rapidocr-onnxruntime
Cross platform OCR Library based on OnnxRuntime
- nixos-unstable -
- nixpkgs-unstable 1.4.4
Package maintainers
- @ck3d Christian Kögler <ck3d@gmx.de>
- @puffnfresh Brian McKenna <brian@brianmckenna.org>
- @acairncross Aiken Cairncross <acairncross@gmail.com>
- @happysalada Raphael Megzari <raphael@megzari.com>
- @ferrine Max Kochurov <justferres@yandex.ru>
- @wrvsrx wrvsrx <wrvsrx@outlook.com>