CVE-2023-5245
Last modified
CVE-2023-5245 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. FileUtil.extract() enumerates all zip file entries and extracts each file without validating whether file paths in the archive are outside the intended directory. When creating an instance of TensorflowModel using the saved_model format and an exported tensorflow model, the apply() function invokes the vulnerable implementation of FileUtil.extract(). Arbitrary file creation can directly lead to code execution. EPSS estimates a 1.19% chance of exploitation in the next 30 days.
Description
FileUtil.extract() enumerates all zip file entries and extracts each file without validating whether file paths in the archive are outside the intended directory. When creating an instance of TensorflowModel using the saved_model format and an exported tensorflow model, the apply() function invokes the vulnerable implementation of FileUtil.extract(). Arbitrary file creation can directly lead to code execution
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Combust | Mleap | 0.18.0 |
| Combust | Mleap | 0.23.0 |
References
- https://github.com/combust/mleap/pull/866#issuecomment-1738032225Issue Tracking, Patch
- https://research.jfrog.com/vulnerabilities/mleap-path-traversal-rce-xray-532656/Exploit, Third Party Advisory
- https://github.com/combust/mleap/pull/866#issuecomment-1738032225Issue Tracking, Patch
- https://research.jfrog.com/vulnerabilities/mleap-path-traversal-rce-xray-532656/Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-5245?
How severe is CVE-2023-5245?
How do I fix CVE-2023-5245?
Are you affected by CVE-2023-5245?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST