GHSA-897x-xvj8-42rq

Source
https://github.com/advisories/GHSA-897x-xvj8-42rq
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-897x-xvj8-42rq/GHSA-897x-xvj8-42rq.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-897x-xvj8-42rq
Aliases
  • CVE-2023-5245
Published
2023-11-15T15:30:21Z
Modified
2024-02-20T05:31:38.165692Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Zip slip in mleap
Details

FileUtil.extract() enumerates every entry of a zip archive and writes each one to disk without checking whether the entry's path resolves outside the intended extraction directory. An entry whose name contains `../` segments therefore escapes that directory (CWE-22, commonly called zip slip).

When an instance of TensorflowModel is created from an exported TensorFlow model in the saved_model format, the apply() function invokes the vulnerable FileUtil.extract() on that archive, so a crafted model archive is enough to trigger the out-of-directory write.

Because the attacker controls both the path and the contents of the written file, this arbitrary file creation can directly lead to code execution.
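The bug class described above, as an added example that is not mleap's code (mleap is Scala; this is a Python rendering of the same pattern): a vulnerable extractor that joins entry names straight onto the destination, a hardened one that resolves and checks every path before writing anything, and an audit function that flags escaping names without extracting. The archive is constructed inline to resemble a SavedModel export; build_zip, safe_target, extract_safe, escaping_entries and demo are this example's own names, not mleap APIs.

```python
"""Zip slip (CWE-22 via archive extraction): vulnerable extractor beside a
hardened one, run against a constructed archive carrying a `../` entry."""
import io
import os
import tempfile
import zipfile


def build_zip(include_slip: bool) -> bytes:
    """Constructed sample, not a real TensorFlow export. Layout mimics a
    SavedModel; with include_slip one name climbs out of the extraction dir."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("model/saved_model.pb", b"\x08\x01")
        zf.writestr("model/variables/variables.index", b"")
        if include_slip:  # zip writers store this name verbatim
            zf.writestr("../../escaped.sh", b"#!/bin/sh\necho pwned\n")
    return buf.getvalue()


def extract_unsafe(zip_bytes: bytes, dest: str) -> list[str]:
    """The vulnerable pattern: join the entry name onto dest and write it.
    A Python rendering of the bug class, not mleap's Scala FileUtil.extract()."""
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = os.path.join(dest, info.filename)  # BUG: trusts the name
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))
            written.append(os.path.normpath(target))
    return written


def safe_target(dest: str, name: str) -> str:
    """Resolve name under dest and refuse anything that leaves it. realpath()
    folds `..`, absolute names and existing symlinks; commonpath() then checks
    the result is still rooted at dest."""
    root = os.path.realpath(dest)
    candidate = os.path.realpath(os.path.join(root, name.replace("\\", "/")))
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError(f"zip slip: entry {name!r} resolves outside {root}")
    return candidate


def extract_safe(zip_bytes: bytes, dest: str) -> list[str]:
    """Hardened extraction: validate every name before writing anything, so a
    rejected archive leaves no partial state on disk."""
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        plan = [(i, safe_target(dest, i.filename)) for i in zf.infolist()]
        for info, target in plan:
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))
            written.append(target)
    return written


def escaping_entries(zip_bytes: bytes) -> list[str]:
    """Audit without extracting: names that would escape any extraction dir.
    Usable as a pre-load gate or a scanner rule over model artifacts."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = zf.namelist()
    bad = []
    for name in names:
        norm = os.path.normpath(name.replace("\\", "/"))
        if os.path.isabs(norm) or norm == ".." or norm.startswith(".." + os.sep):
            bad.append(name)
    return bad


def demo() -> dict:
    """Run both extractors inside a throwaway tree and report the outcome."""
    slip, benign = build_zip(True), build_zip(False)
    with tempfile.TemporaryDirectory() as tmp:
        # dest is nested two levels so `../../` escapes `out` but not tmp.
        unsafe_dest = os.path.join(tmp, "unsafe", "nest", "out")
        os.makedirs(unsafe_dest)
        escaped = [p for p in extract_unsafe(slip, unsafe_dest)
                   if os.path.commonpath([unsafe_dest, p]) != unsafe_dest]
        safe_dest = os.path.join(tmp, "safe", "nest", "out")
        os.makedirs(safe_dest)
        try:
            extract_safe(slip, safe_dest)
            rejected = False
        except ValueError:
            rejected = True
        leftovers = sum(len(fs) for _, _, fs in os.walk(os.path.join(tmp, "safe")))
        benign_count = len(extract_safe(benign, safe_dest))
    return {"unsafe_escaped": [os.path.basename(p) for p in escaped],
            "safe_rejected": rejected, "safe_leftovers": leftovers,
            "safe_benign_count": benign_count, "audit": escaping_entries(slip)}
```

Calling demo() extracts the crafted archive with both routines inside a temporary tree: the unsafe path lands escaped.sh two directories above the destination, while the hardened path rejects the archive before touching disk and still extracts the benign one. Validating every name up front matters because a per-entry check inside the write loop would already have written the earlier, benign-looking entries by the time the escaping one is rejected. The audit function is the cheap pre-load check to run on model artifacts fetched from untrusted sources.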

Database specific
{
    "nvd_published_at": "2023-11-15T13:15:07Z",
    "cwe_ids": [
        "CWE-22"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-11-23T03:36:16Z"
}
References

Affected packages

Maven / ml.combust.mleap:mleap-runtime_2.12

Package

Name
ml.combust.mleap:mleap-runtime_2.12
Purl
pkg:maven/ml.combust.mleap/mleap-runtime_2.12

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
0.23.1

Affected versions

0.*

0.14.0
0.15.0
0.16.0
0.17.0
0.18.0
0.18.1
0.19.0
0.20.0
0.21.0
0.21.1
0.22.0
0.23.0