FileUtil.extract() enumerates all zip file entries and extracts each file without validating whether file paths in the archive are outside the intended directory.
When creating an instance of TensorflowModel using the saved_model format and an exported tensorflow model, the apply() function invokes the vulnerable implementation of FileUtil.extract().
Arbitrary file creation can directly lead to code execution
References
Link | Resource |
---|---|
https://github.com/combust/mleap/pull/866#issuecomment-1738032225 | Issue Tracking Patch |
https://research.jfrog.com/vulnerabilities/mleap-path-traversal-rce-xray-532656/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: JFROG
Published: 2023-11-15T12:52:18.656Z
Updated: 2023-11-15T12:52:18.656Z
Reserved: 2023-09-28T06:08:57.423Z
Link: CVE-2023-5245
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-11-15T13:15:07.457
Modified: 2023-11-22T22:39:07.763
Link: CVE-2023-5245
JSON object: View
Redhat Information
No data.
CWE