Critical severity9.1NVD Advisory· Published Mar 20, 2025· Updated Jun 17, 2026
CVE-2024-7776
CVE-2024-7776
Description
A vulnerability in the download_model function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker to overwrite files in the user's directory, potentially leading to remote command execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
onnxPyPI | < 1.17.0 | 1.17.0 |
Affected products
2- onnx/onnx/onnxv5Range: unspecified
Patches
Vulnerability mechanics
References
6- huntr.com/bounties/a7a46cf6-1fa0-454b-988c-62d222e83f63nvdExploitThird Party AdvisoryWEB
- github.com/advisories/GHSA-h36j-8vv3-cj52ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-7776ghsaADVISORY
- github.com/onnx/onnx/commit/1b70f9b673259360b6a2339c4bd97db9ea6e552fghsaWEB
- github.com/onnx/onnx/pull/6222ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/onnx/PYSEC-2025-10.yamlghsaWEB
News mentions
0No linked articles in our index yet.