CVE-2023-5245 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

FileUtil.extract() enumerates all zip file entries and extracts each file without validating whether file paths in the archive are outside the intended directory. When creating an instance of TensorflowModel using the saved_model format and an exported tensorflow model, the apply() function invokes the vulnerable implementation of FileUtil.extract(). Arbitrary file creation can directly lead to code execution

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Combust	Mleap	0.18.0

Related Weaknesses (CWE)

CWE-22

References

https://github.com/combust/mleap/pull/866#issuecomment-1738032225Issue TrackingPatch
https://research.jfrog.com/vulnerabilities/mleap-path-traversal-rce-xray-532656/ExploitThird Party Advisory
https://github.com/combust/mleap/pull/866#issuecomment-1738032225Issue TrackingPatch
https://research.jfrog.com/vulnerabilities/mleap-path-traversal-rce-xray-532656/ExploitThird Party Advisory

FAQ

What is CVE-2023-5245?

CVE-2023-5245 is a vulnerability with a CVSS score of 7.5 (HIGH). FileUtil.extract() enumerates all zip file entries and extracts each file without validating whether file paths in the archive are outside the intended directory. When creating an instance of Tensorf...

How severe is CVE-2023-5245?

CVE-2023-5245 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-5245?

Check the references section above for vendor advisories and patch information. Affected products include: Combust Mleap.