{"data":{"id":"6cbc35db-84c5-4fb5-b8c1-b46076b9d03b","title":"CVE-2022-25882: Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tenso","summary":"ONNX (a machine learning model format library) versions before 1.13.0 contain a directory traversal vulnerability (a security flaw where an attacker can access files outside the intended folder by using paths like '../../../etc/passwd'). An attacker could exploit the external_data field in tensor proto (data structure in ONNX models) to read sensitive files from anywhere on a system.","solution":"Update to ONNX version 1.13.0 or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-25882","publishedAt":"2023-01-27T02:15:31.333Z","cveId":"CVE-2022-25882","cweIds":["CWE-22","CWE-22","CWE-22"],"cvssScore":"7.5","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["ONNX"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.03539,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-126"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"training_data","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}