
We found results for “”
CVE-2024-12216
Good to know:

Date: March 20, 2025
A vulnerability in the "ImageClassificationDataset.from_csv()" API of the "dmlc/gluon-cv" repository, version 0.10.0, allows for arbitrary file write. The function downloads and extracts "tar.gz" files from URLs without proper sanitization, making it susceptible to a TarSlip vulnerability. Attackers can exploit this by crafting malicious tar files that, when extracted, can overwrite files on the victim's system via path traversal or faked symlinks.
Severity Score
Related Resources (5)
Severity Score
Weakness Type (CWE)
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | LOCAL |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | REQUIRED |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | HIGH |
Availability (A): | HIGH |