{"id":"CVE-2024-27318","details":"Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch added for CVE-2022-25882.","aliases":["GHSA-whh8-fjgc-qp73","PYSEC-2024-222"],"modified":"2026-04-10T20:22:19.267976Z","published":"2024-02-23T18:15:50.767Z","related":["CGA-vm54-7rr3-h8p9","openSUSE-SU-2024:13803-1"],"references":[{"type":"WEB","url":"https://security.snyk.io/vuln/SNYK-PYTHON-ONNX-2395479"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGTBH5ZYL2LGYHIJDHN2MAUURIR5E7PY/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFJJID2IZDOLFDMWVYTBDI75ZJQC6JOL/"},{"type":"FIX","url":"https://github.com/onnx/onnx/commit/66b7fb630903fdcf3e83b6b6d56d82e904264a20"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/onnx/onnx","events":[{"introduced":"0"},{"fixed":"990217f043af7222348ca8f0301e17fa7b841781"},{"fixed":"66b7fb630903fdcf3e83b6b6d56d82e904264a20"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.16.0"}]}}],"versions":["v0.1","v0.2","v1.1.0","v1.3.0"],"database_specific":{"vanir_signatures":[{"signature_type":"Function","deprecated":false,"id":"CVE-2024-27318-0e34bd6f","signature_version":"v1","source":"https://github.com/onnx/onnx/commit/66b7fb630903fdcf3e83b6b6d56d82e904264a20","digest":{"function_hash":"279619965437319505598947798855971345192","length":402},"target":{"file":"onnx/common/path.h","function":"utf8str_to_wstring"}},{"signature_type":"Line","deprecated":false,"id":"CVE-2024-27318-14bb45d9","signature_version":"v1","source":"https://github.com/onnx/onnx/commit/66b7fb630903fdcf3e83b6b6d56d82e904264a20","digest":{"line_hashes":["104332037762270981435757562132327599062","289229950002979969790260531145507780362","235710238458363501160428489483432355262","246649006856259654861544403187248320216","89655112587566471677518766755142304267","27239894576351024163082160341011339904","230520410388084876710225632346370745078","213201732718700328232334630084512327267","199705114692086694747054418381209675772","66500932051990266901623911718657403723","39654343884552627927956043565242979222","201695667325899941457854645890663865231","110541219682966978691991225579477683026","51505807963359043486804472974565853258","240793468604267336076420736384845870829","7972147717643736253831403084125059114","31936116690110051065765316211968155895","223562932066134009542698909547755042615","231233032827250454131399580230198275144","151751336932430325045957862324626112823","97646370272031617055752027465710805655","333860663048746007699396373252128514496","316965716797159704309359764583355191994","127611080966658938118954731848255844334","10956387921208990924424734410052396420","255578257237703490390196987510470754145","14303694476745820714530017560520199001","94708870948924996500359369778759969194","137237736377969277829810156162721859758","52730757671234060243302140166847358466","34304570268340625279330634462880470927","103953047765694468221099531956158350153","631728490844132069727675233938394926","312111558179216668409188887243663881488","198435346555265319822522584760807101489","274263411207186989901105400150169336708","42935917157943482155445385556497235230","248867299062796773770173639510204880785","74824237473006242208324030187506266854","99958998079443416671974424941605185346","124688591024279549037421979965670172240","39654343884552627927956043565242979222","201695667325899941457854645890663865231","110541219682966978691991225579477683026","272269654716300411396408466456793889410","128760545056484813397325281803697049042","332183875007431216459300703523997440879","306571677050543809304216616204242731364","206378185338668227667685999825590241770","231233032827250454131399580230198275144","151751336932430325045957862324626112823","97646370272031617055752027465710805655","333860663048746007699396373252128514496","316965716797159704309359764583355191994","127611080966658938118954731848255844334","202024155122339839364693671759821862479","153878707109447658342833126944749968315","80912747145387905646592955756273671853","221667204741081772500964435205269726187","58695088025670081760283381159199791651","209501383238575632364083256517443973518","291371315624354478652889755005038321282","271596622378771173934456807490097286538","110663791574147327218892082700821262140","162825841806411871925585653698156522105","309805404178789295157209824794112189358","34304570268340625279330634462880470927","258005963401096900848020152711583255364","234924864726827392481951693627886150518","112153765193335070721742738860480859742","165082921901551961856450720023140540159","320840524451766573060288933964244744532","255927466363045277032670943649333879279","265509428884915991499735560798017590556","34304570268340625279330634462880470927","258005963401096900848020152711583255364","6562373507494491780604099969509185151","124502633350577458428380665343588238224","168825813275213747862537094267462295030","172547197573833809247029799385803180032","194231714249816697885080011234107511497","123074759988673625586437316398823472373","188562544525243291260664722352569022641","221925025439894443212256503649777084161","324764863192043696511029276723214812808"],"threshold":0.9},"target":{"file":"onnx/checker.cc"}},{"signature_type":"Function","deprecated":false,"id":"CVE-2024-27318-32bdd449","signature_version":"v1","source":"https://github.com/onnx/onnx/commit/66b7fb630903fdcf3e83b6b6d56d82e904264a20","digest":{"function_hash":"28756268382866020308799986267704226882","length":5422},"target":{"file":"onnx/checker.cc","function":"check_tensor"}},{"signature_type":"Line","deprecated":false,"id":"CVE-2024-27318-39e78dda","signature_version":"v1","source":"https://github.com/onnx/onnx/commit/66b7fb630903fdcf3e83b6b6d56d82e904264a20","digest":{"line_hashes":["127235201640194221748173879886145904451","54165068923478039693020928009049136797","178722793956276867127036141790972283850","259458540478357124636245718390242305862","31682249578723060881038963469197527654","205213531946190281180873952073997591293","136199331191120300942474527397075146534","254734016587688089686215887211494598728"],"threshold":0.9},"target":{"file":"onnx/common/path.h"}},{"signature_type":"Line","deprecated":false,"id":"CVE-2024-27318-50657c1b","signature_version":"v1","source":"https://github.com/onnx/onnx/commit/66b7fb630903fdcf3e83b6b6d56d82e904264a20","digest":{"line_hashes":["184743515865274812113834164525874135653","101189037897862780688846728834613355608","265880493409156323681436033432431323441"],"threshold":0.9},"target":{"file":"onnx/checker.h"}},{"signature_type":"Function","deprecated":false,"id":"CVE-2024-27318-52123b68","signature_version":"v1","source":"https://github.com/onnx/onnx/commit/66b7fb630903fdcf3e83b6b6d56d82e904264a20","digest":{"function_hash":"176551484445370247967565519395569753396","length":19272},"target":{"file":"onnx/cpp2py_export.cc","function":"PYBIND11_MODULE"}},{"signature_type":"Line","deprecated":false,"id":"CVE-2024-27318-57eab50b","signature_version":"v1","source":"https://github.com/onnx/onnx/commit/66b7fb630903fdcf3e83b6b6d56d82e904264a20","digest":{"line_hashes":["96408287160862078037987992404017714430","129578978491066932049875799683736809610","111499689284304609245521746451384862835"],"threshold":0.9},"target":{"file":"onnx/cpp2py_export.cc"}}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"39"}]},{"events":[{"introduced":"0"},{"last_affected":"40"}]}],"vanir_signatures_modified":"2026-04-10T20:22:19Z","source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-27318.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}