VYPR
Critical severity9.1NVD Advisory· Published Mar 20, 2025· Updated Jun 17, 2026

CVE-2024-7776

CVE-2024-7776

Description

A vulnerability in the download_model function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker to overwrite files in the user's directory, potentially leading to remote command execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
onnxPyPI
< 1.17.01.17.0

Affected products

2
  • ghsa-coords
    Range: < 1.17.0
  • onnx/onnx/onnxv5
    Range: unspecified

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.