High severity 7.1 · GHSA Advisory · Published Mar 20, 2025 · Updated Apr 15, 2026
CVE-2024-12216
Description
A vulnerability in the ImageClassificationDataset.from_csv() API of the dmlc/gluon-cv repository, version 0.10.0, allows for arbitrary file write. The function downloads and extracts tar.gz files from URLs without proper sanitization, making it susceptible to a TarSlip vulnerability. Attackers can exploit this by crafting malicious tar files that, when extracted, can overwrite files on the victim's system via path traversal or faked symlinks.
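A hardened extraction routine for the failure mode described above, as an added example that is not code from gluon-cv or from the advisory. The names `safe_extract`, `UnsafeArchiveError` and `try_extract` are hypothetical, and the sample archives are constructed in memory.

```python
import io
import os
import shutil
import tarfile
import tempfile

class UnsafeArchiveError(Exception):
    """A member would be written outside the destination directory."""

def safe_extract(tar, dest):
    """Validate every member first, then write only files and directories."""
    root = os.path.realpath(dest)
    members = tar.getmembers()
    for m in members:
        # Links and device nodes are refused: a symlink that points outside
        # dest lets a later member be written through it.
        if not (m.isfile() or m.isdir()):
            raise UnsafeArchiveError(f"non-regular member: {m.name}")
        target = os.path.realpath(os.path.join(root, m.name))
        if os.path.commonpath([root, target]) != root:
            raise UnsafeArchiveError(f"path escapes destination: {m.name}")
    for m in members:
        target = os.path.join(root, m.name)
        if m.isdir():
            os.makedirs(target, exist_ok=True)
            continue
        os.makedirs(os.path.dirname(target), exist_ok=True)
        with tar.extractfile(m) as src, open(target, "wb") as out:
            shutil.copyfileobj(src, out)

def try_extract(entries):
    """Constructed sample: build a tar.gz in memory, return (accepted, files)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data, linkname in entries:  # (name, bytes, link target or None)
            info = tarfile.TarInfo(name)
            if linkname is not None:
                info.type, info.linkname = tarfile.SYMTYPE, linkname
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    archive = io.BytesIO(buf.getvalue())
    with tempfile.TemporaryDirectory() as dest, tarfile.open(fileobj=archive, mode="r:gz") as tar:
        try:
            safe_extract(tar, dest)
            ok = True
        except UnsafeArchiveError:
            ok = False
        files = sorted(os.path.relpath(os.path.join(d, f), dest)
                       for d, _, fs in os.walk(dest) for f in fs)
    return ok, files
```

Because validation runs over the whole archive before any write, a rejected archive leaves the destination empty. On Python 3.12 and later, `tarfile.extractall()` also accepts `filter="data"`, which applies comparable checks.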
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| gluoncv (PyPI) | <= 0.10.0 | — |