CVE-2023-5245

FileUtil.extract() enumerates all zip file entries and extracts each file without validating whether file paths in the archive are outside the intended directory. When creating an instance of TensorflowModel using the saved_model format and an exported tensorflow model, the apply() function invokes the vulnerable implementation of FileUtil.extract(). Arbitrary file creation can directly lead to code execution
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:combust:mleap:0.18.0:*:*:*:*:*:*:*
cpe:2.3:a:combust:mleap:0.23.0:*:*:*:*:*:*:*

History

22 Nov 2023, 22:39

Type Values Removed Values Added
First Time Combust
Combust mleap
References () https://research.jfrog.com/vulnerabilities/mleap-path-traversal-rce-xray-532656/ - () https://research.jfrog.com/vulnerabilities/mleap-path-traversal-rce-xray-532656/ - Exploit, Third Party Advisory
References () https://github.com/combust/mleap/pull/866#issuecomment-1738032225 - () https://github.com/combust/mleap/pull/866#issuecomment-1738032225 - Issue Tracking, Patch
CPE cpe:2.3:a:combust:mleap:0.23.0:*:*:*:*:*:*:*
cpe:2.3:a:combust:mleap:0.18.0:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8

15 Nov 2023, 13:54

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-15 13:15

Updated : 2024-02-28 20:54


NVD link : CVE-2023-5245

Mitre link : CVE-2023-5245

CVE.ORG link : CVE-2023-5245


JSON object : View

Products Affected

combust

  • mleap
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')