{"data":{"id":"6387b784-7763-4f32-97cd-cd1650bd1555","title":"CVE-2024-7776: A vulnerability in the `download_model` function of the onnx/onnx framework, before and including version 1.16.1, allows","summary":"CVE-2024-7776 is a vulnerability in versions 1.16.1 and earlier of the ONNX framework (a tool for machine learning models): the `download_model` function does not properly block path traversal (a technique in which attackers use special file path sequences to reach files outside the intended directory). An attacker could exploit this to overwrite files on a user's system, potentially leading to remote code execution (running malicious commands on the victim's computer).","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-7776","publishedAt":"2025-03-20T14:15:37.520Z","cveId":"CVE-2024-7776","cweIds":["CWE-22"],"cvssScore":"9.1","cvssSeverity":"critical","severity":"critical","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["ONNX","onnx/onnx framework"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.01467,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-126"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}