Maven package
ml.combust.mleap/mleap-runtime_2.12
pkg:maven/ml.combust.mleap/mleap-runtime_2.12
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-5245 | Hig | 7.5 | < 0.23.1 | 0.23.1 | Nov 15, 2023 | FileUtil.extract() enumerates all zip file entries and extracts each file without validating whether file paths in the archive are outside the intended directory. When creating an instance of TensorflowModel using the saved_model format and an exported tensorflow model, the appl |
- affected < 0.23.1fixed 0.23.1
FileUtil.extract() enumerates all zip file entries and extracts each file without validating whether file paths in the archive are outside the intended directory. When creating an instance of TensorflowModel using the saved_model format and an exported tensorflow model, the appl