Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS04OTd4LXh2ajgtNDJycc4AA3Mc
Zip slip in mleap
FileUtil.extract() enumerates all zip file entries and extracts each file without validating whether file paths in the archive are outside the intended directory.
When creating an instance of TensorflowModel using the saved_model format and an exported tensorflow model, the apply() function invokes the vulnerable implementation of FileUtil.extract().
An attacker who can supply the model bundle therefore gets arbitrary file creation on the host, which can directly lead to code execution.
Permalink: https://github.com/advisories/GHSA-897x-xvj8-42rq
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04OTd4LXh2ajgtNDJycc4AA3Mc
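The flaw described above is the classic Zip Slip pattern: the entry name from the archive is joined to the destination directory and written without checking where the resulting path lands. The following is an added example, not mleap's code (mleap is a JVM project; the same canonicalize-then-check applies there). It builds a constructed two-entry archive in memory, shows the vulnerable extraction pattern escaping the destination directory, and shows a hardened extractor that rejects the whole archive before writing anything. All function names and the sample entry names are assumptions made for this illustration.

```python
import io
import os
import tempfile
import zipfile


def build_malicious_zip() -> bytes:
    """Constructed sample bundle: one benign entry plus one entry whose name
    climbs out of the extraction directory via '../'."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("saved_model.pb", b"legitimate model bytes")
        zf.writestr("../../escaped.sh", b"#!/bin/sh\necho pwned\n")
    return buf.getvalue()


def extract_unsafe(zip_bytes: bytes, dest: str) -> list:
    """Mirrors the vulnerable pattern: join the entry name to dest and write.
    Python's ZipFile.extractall() would strip the '../' itself, so the join
    is done by hand to reproduce the bug. Returns the real paths written."""
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = os.path.join(dest, info.filename)  # no containment check
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as f:
                f.write(zf.read(info))
            written.append(os.path.realpath(target))
    return written


def entry_is_within(dest_real: str, name: str) -> bool:
    """True only if dest_real/name, after canonicalization, is still under
    dest_real. Catches '../' sequences, absolute names and symlinked parents;
    commonpath() also refuses to treat 'out2' as being inside 'out'."""
    target = os.path.realpath(os.path.join(dest_real, name))
    try:
        return os.path.commonpath([dest_real, target]) == dest_real
    except ValueError:  # different drives on Windows
        return False


def extract_safe(zip_bytes: bytes, dest: str) -> list:
    """Hardened extractor: validate every entry first, then write, so a
    poisoned archive leaves nothing behind. Raises ValueError on Zip Slip."""
    dest_real = os.path.realpath(dest)
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        bad = [i.filename for i in zf.infolist()
               if not entry_is_within(dest_real, i.filename)]
        if bad:
            raise ValueError(f"Zip Slip entries rejected: {bad}")
        for info in zf.infolist():
            target = os.path.realpath(os.path.join(dest_real, info.filename))
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as f:
                f.write(zf.read(info))
            written.append(target)
    return written


def demo() -> dict:
    """Run both extractors on the constructed bundle inside a temp tree.
    dest is nested two levels deep so the escape stays inside the temp dir."""
    payload = build_malicious_zip()
    with tempfile.TemporaryDirectory() as tmp:
        dest = os.path.join(tmp, "a", "b", "out")
        os.makedirs(dest)
        dest_real = os.path.realpath(dest)
        written = extract_unsafe(payload, dest)
        escaped = [p for p in written
                   if os.path.commonpath([dest_real, p]) != dest_real]
        try:
            extract_safe(payload, dest)
            rejected = False
        except ValueError:
            rejected = True
    return {"unsafe_wrote_outside": bool(escaped),
            "escaped_paths": escaped,
            "safe_rejected": rejected}


if __name__ == "__main__":
    print(demo())
```

The two-pass shape of extract_safe matters in practice: checking each entry as it is written still leaves the benign entries on disk when the malicious one is hit, which can itself be a useful primitive for an attacker. Validate the whole archive, then extract.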
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 1 year ago
Updated: about 1 year ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-897x-xvj8-42rq, CVE-2023-5245
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-5245
- https://github.com/combust/mleap/pull/866#issuecomment-1738032225
- https://research.jfrog.com/vulnerabilities/mleap-path-traversal-rce-xray-532656/
- https://github.com/advisories/GHSA-897x-xvj8-42rq
Blast Radius: 4.5
Affected Packages
maven:ml.combust.mleap:mleap-runtime_2.12
Dependent packages: 6
Dependent repositories: 4
Downloads:
Affected Version Ranges: < 0.23.1
Fixed in: 0.23.1
All affected versions: 0.14.0, 0.15.0, 0.16.0, 0.17.0, 0.18.0, 0.18.1, 0.19.0, 0.20.0, 0.21.0, 0.21.1, 0.22.0, 0.23.0
All unaffected versions: 0.23.1, 0.23.2