CVE-2023-5245 – ml.combust.mleap:mleap-runtime_2.12

Package

Manager: maven
Name: ml.combust.mleap:mleap-runtime_2.12
Vulnerable Version: >=0 <0.23.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00332 pctl0.55451

Details

Zip slip in mleap FileUtil.extract() enumerates all zip file entries and extracts each file without validating whether file paths in the archive are outside the intended directory. When creating an instance of TensorflowModel using the saved_model format and an exported tensorflow model, the apply() function invokes the vulnerable implementation of FileUtil.extract(). Arbitrary file creation can directly lead to code execution

Metadata

Created: 2023-11-15T15:30:21Z
Modified: 2023-11-23T03:36:16Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-897x-xvj8-42rq/GHSA-897x-xvj8-42rq.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-897x-xvj8-42rq
Finding: F063
Auto approve: 1