CVE-2022-31545

9.3 CRITICAL

📋 TL;DR

This vulnerability allows attackers to read arbitrary files on the server through absolute path traversal in the ml-inory/ModelConverter repository. It affects any system running this software with the vulnerable Flask send_file implementation. The high CVSS score reflects the potential for sensitive data exposure.

💻 Affected Systems

Products:
  • ml-inory/ModelConverter
Versions: All versions through 2021-04-26
Operating Systems: All operating systems running Python/Flask
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects deployments using the vulnerable Flask send_file implementation in the repository.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise through reading sensitive files like /etc/passwd, SSH keys, or configuration files containing credentials, potentially leading to lateral movement.

🟠 Likely Case

Unauthorized access to sensitive files on the server, including source code, configuration files, and potentially user data.

🟢 If Mitigated

Limited impact with proper file system permissions and network segmentation preventing access to critical system files.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is well-documented in GitHub security advisories with proof-of-concept details available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 2021-04-26

Vendor Advisory: https://github.com/github/securitylab/issues/669

Restart Required: Yes

Instructions:

1. Update to the latest version of the ml-inory/ModelConverter repository.
2. Replace vulnerable Flask send_file calls with secure implementations.
3. Restart the application service.
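A hardened path check of the kind step 2 calls for, written here as an added example (not code from the ml-inory/ModelConverter repository): it rejects absolute paths in POSIX and Windows form, ".." components in either separator style, and symlink escapes before a name reaches send_file, and it applies the page's SIEM indicators to access-log lines. MODEL_DIR, the log lines and the function names are assumptions.

```python
import os
import ntpath
import posixpath
import re
from typing import Optional

# Assumed directory of converted model files served by the app (constructed
# for this example; the real repository layout is not on the page).
MODEL_DIR = "/srv/modelconverter/outputs"


def safe_resolve(base_dir: str, requested: str) -> Optional[str]:
    """Return the on-disk path for ``requested`` if it stays under ``base_dir``,
    else None. Run this before send_file; Flask's send_from_directory performs
    an equivalent containment check internally."""
    if not requested or "\x00" in requested:
        return None
    # Reject "/etc/passwd" and "C:\\Windows\\..." whatever the host platform is.
    if posixpath.isabs(requested) or ntpath.isabs(requested) or ":" in requested:
        return None
    # Normalise backslashes so "..\\..\\etc" cannot bypass a POSIX-only check.
    parts = [p for p in requested.replace("\\", "/").split("/") if p]
    if ".." in parts:
        return None
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, *parts))
    # Containment check after symlink resolution: the last line of defence.
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


# Constructed access-log lines in combined-log shape (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [01/May/2021:10:00:01 +0000] "GET /download?file=model.onnx HTTP/1.1" 200 512
10.0.0.9 - - [01/May/2021:10:00:02 +0000] "GET /download?file=/etc/passwd HTTP/1.1" 200 2048
10.0.0.9 - - [01/May/2021:10:00:03 +0000] "GET /download?file=..%2F..%2Fapp.cfg HTTP/1.1" 200 300
"""

# The page's SIEM terms ('/etc/', '../', 'C:\') plus URL-encoded traversal
# forms that a plain CONTAINS query would miss.
_TRAVERSAL = re.compile(r"(?i)(/etc/|\.\./|\.\.%2f|%2e%2e|[a-z]:\\)")


def suspicious_lines(log_text: str) -> list:
    """Return the log lines that match the traversal indicators above."""
    return [line for line in log_text.splitlines() if _TRAVERSAL.search(line)]
```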

🔧 Temporary Workarounds

Input Validation and Sanitization (scope: all)

Implement strict input validation to reject absolute paths and directory traversal sequences.

Web Application Firewall Rules (scope: all)

Configure the WAF to block requests containing path traversal patterns like '../' or absolute paths.

🧯 If You Can't Patch

  • Implement strict file system permissions to limit application access to only necessary directories
  • Deploy network segmentation to isolate vulnerable systems from sensitive data stores

🔍 How to Verify

Check if Vulnerable:

Review Flask send_file usage in the application code for unsafe path handling without validation

Check Version:

Check the repository commit history or version metadata to confirm the deployed code is newer than 2021-04-26.

Verify Fix Applied:

Test that absolute path traversal attempts are properly rejected and return appropriate error responses

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests containing absolute paths or directory traversal sequences
  • Unusual file access patterns from web application user

Network Indicators:

  • HTTP requests with suspicious path parameters attempting to access system files

SIEM Query:

web_access_logs WHERE url CONTAINS '/etc/' OR url CONTAINS '../' OR url CONTAINS 'C:\'
