CVE-2024-7776

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-7776

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-7776.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-7776

Aliases

Downstream

DEBIAN-CVE-2024-7776

UBUNTU-CVE-2024-7776

Published

2025-03-20T10:15:37Z

Modified

2025-08-09T19:01:28Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability in the download_model function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker to overwrite files in the user's directory, potentially leading to remote command execution.

References

https://huntr.com/bounties/a7a46cf6-1fa0-454b-988c-62d222e83f63

CVE-2024-7776

Affected packages