GHSA-897x-xvj8-42rq

Suggest an improvement
Source
https://github.com/advisories/GHSA-897x-xvj8-42rq
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-897x-xvj8-42rq/GHSA-897x-xvj8-42rq.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-897x-xvj8-42rq
Aliases
  • CVE-2023-5245
Published
2023-11-15T15:30:21Z
Modified
2024-02-20T05:30:12.086726Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Zip slip in mleap
Details

FileUtil.extract() enumerates all zip file entries and extracts each file without validating whether file paths in the archive are outside the intended directory.

When creating an instance of TensorflowModel using the saved_model format and an exported tensorflow model, the apply() function invokes the vulnerable implementation of FileUtil.extract().

Arbitrary file creation can directly lead to code execution

Database specific
{
    "nvd_published_at": "2023-11-15T13:15:07Z",
    "cwe_ids": [
        "CWE-22"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-11-23T03:36:16Z"
}
References

Affected packages

Maven / ml.combust.mleap:mleap-runtime_2.12

Package

Name
ml.combust.mleap:mleap-runtime_2.12
View open source insights on deps.dev
Purl
pkg:maven/ml.combust.mleap/mleap-runtime_2.12

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.1

Affected versions

0.*

0.14.0
0.15.0
0.16.0
0.17.0
0.18.0
0.18.1
0.19.0
0.20.0
0.21.0
0.21.1
0.22.0
0.23.0