CVE-2024-5187

8.8 HIGH

📋 TL;DR

A path traversal vulnerability in the ONNX framework's download_model_with_test_data function allows attackers to overwrite arbitrary system files via malicious tar archives. It affects users of ONNX version 1.16.0 who process untrusted tar files, and can potentially lead to remote code execution or system compromise.

💻 Affected Systems

Products:
  • onnx/onnx framework
Versions: 1.16.0
Operating Systems: All platforms where ONNX runs
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is present in default configuration when processing tar files via the affected function.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise via remote code execution, credential theft via SSH key overwrite, or permanent data destruction by overwriting critical system files.

🟠 Likely Case

Application compromise leading to data loss, service disruption, or lateral movement within the environment.

🟢 If Mitigated

Limited impact if proper file permissions and sandboxing prevent overwriting of sensitive files.

🌐 Internet-Facing: HIGH if application processes user-uploaded tar files without validation.
🏢 Internal Only: MEDIUM if only internal users can supply tar files, but still significant due to potential lateral movement.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The proof-of-concept demonstrates overwriting an authorized_keys file. Only simple tar file creation is required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.16.1 or later

Vendor Advisory: https://github.com/onnx/onnx/security/advisories

Restart Required: No

Instructions:

1. Update the ONNX package: pip install --upgrade "onnx>=1.16.1" (quote the requirement so the shell does not treat > as a redirection)
2. Verify no applications are pinned to vulnerable version
3. Test functionality with updated version

🔧 Temporary Workarounds

Validate tar file paths (all platforms)

Implement custom validation to reject tar entries with absolute paths or path traversal sequences
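One way to implement this validation, as an added example (not ONNX's own code or the upstream patch): every entry is checked before anything is written, and the check goes slightly beyond the workaround text by also rejecting symlink and hard-link targets that leave the destination. The names unsafe_members, safe_extract and build_tar are hypothetical, and the sample archive is constructed in memory.

```python
import io
import os
import tarfile


def unsafe_members(tar, dest):
    """Return one reason per entry that would be written outside dest."""
    root = os.path.realpath(dest)

    def escapes(path):
        return os.path.commonpath([root, os.path.realpath(path)]) != root

    problems = []
    for m in tar.getmembers():
        # Leading "/" or "\" covers POSIX and Windows-style absolute names.
        if m.name.startswith(("/", "\\")) or os.path.isabs(m.name):
            problems.append(f"{m.name}: absolute path")
        elif escapes(os.path.join(root, m.name)):
            problems.append(f"{m.name}: path traversal")
        elif m.issym() or m.islnk():
            # Symlink targets resolve from the entry's directory,
            # hard-link targets from the archive root.
            base = os.path.dirname(os.path.join(root, m.name)) if m.issym() else root
            if escapes(os.path.join(base, m.linkname)):
                problems.append(f"{m.name}: link to {m.linkname} leaves destination")
    return problems


def safe_extract(tar, dest):
    """Extract only if every entry stays inside dest; otherwise write nothing."""
    problems = unsafe_members(tar, dest)
    if problems:
        raise ValueError("refusing to extract: " + "; ".join(problems))
    if hasattr(tarfile, "data_filter"):  # stdlib extraction filter, where available
        tar.extractall(dest, filter="data")
    else:
        tar.extractall(dest)


def build_tar(entries):
    """Constructed sample input: in-memory tar from (name, symlink_target_or_None)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, link in entries:
            info = tarfile.TarInfo(name)
            if link is None:
                info.size = 5
                tar.addfile(info, io.BytesIO(b"hello"))
            else:
                info.type, info.linkname = tarfile.SYMTYPE, link
                tar.addfile(info)
    buf.seek(0)
    return tarfile.open(fileobj=buf, mode="r")
```
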

Run with restricted permissions (Linux)

Execute ONNX processes with minimal file system permissions using containerization or user restrictions

docker run --read-only -v /safe/path:/data image_name

🧯 If You Can't Patch

  • Disable download_model_with_test_data function if not required
  • Implement strict input validation for all tar file processing

🔍 How to Verify

Check if Vulnerable:

Check the ONNX version: python -c "import onnx; print(onnx.__version__)". If the output is 1.16.0, the system is vulnerable.

Check Version:

python -c "import onnx; print(onnx.__version__)"

Verify Fix Applied:

After updating, verify that the version is 1.16.1 or later using the same command.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected file writes outside expected directories
  • Tar extraction errors with path traversal attempts

Network Indicators:

  • Unusual tar file uploads to ONNX endpoints

SIEM Query:

source="application.log" AND "tar extraction" AND ("absolute path" OR "../")
