PyPI: onnxruntime
SFTY-20260305-43507
Safety legacy ID: pyup.io-88358
Affected versions of the onnxruntime package are vulnerable to path traversal due to insufficient validation of external TensorProto data paths. The external data loading path validation did not ensure referenced files stayed under the model directory, so a crafted model could point external_data.location at absolute paths or .. escapes; this was fixed in PR #26776 / commit b365bef and merged as 7f046a5. https://github.com/microsoft/onnxruntime/commit/7f046a55c03f20047f82fc362b53411cf5b7d856
Overview
Affected versions of the onnxruntime package are vulnerable to path traversal due to insufficient validation of external TensorProto data paths. The external data loading path validation did not ensure referenced files stayed under the model directory, so a crafted model could point external_data.location at absolute paths or .. escapes; this was fixed in PR #26776 / commit b365bef and merged as 7f046a5. https://github.com/microsoft/onnxruntime/commit/7f046a55c03f20047f82fc362b53411cf5b7d856
Advisory
Affected versions of the onnxruntime package are vulnerable to path traversal due to insufficient validation of external TensorProto data paths. The external data loading path validation did not ensure referenced files stayed under the model directory, so a crafted model could point external_data.location at absolute paths or .. escapes; this was fixed in PR #26776 / commit b365bef and merged as 7f046a5. https://github.com/microsoft/onnxruntime/commit/7f046a55c03f20047f82fc362b53411cf5b7d856
How to Fix
Mitigation and Workarounds
---
Vulnerable Functions
Functions linked to known vulnerabilities.
Verified by Safety
Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.
Learn more