Open Neural Network Exchange (ONNX) 路径遍历漏洞

该路径遍历漏洞允许攻击者通过构造恶意的tar文件，绕过安全检查，将文件覆盖到用户目录。攻击者可以利用此漏洞覆盖关键配置文件、可执行文件或其他敏感数据，从而可能导致远程命令执行。如果成功覆盖了具有执行权限的文件，攻击者可以完全控制受影响的系统。这种攻击模式类似于其他文件上传漏洞，但利用了tar文件的特性进行路径遍历。

Python developers and systems administrators using the onnx framework in their applications are at risk. This includes those deploying machine learning models or applications that rely on the onnx format. Shared hosting environments where multiple users share the same file system are particularly vulnerable, as a malicious tar file uploaded by one user could potentially impact others.

• python / supply-chain:

import os
import tarfile

def check_onnx_vulnerability(tar_file_path):
    try:
        with tarfile.open(tar_file_path, 'r') as tar:
            for member in tar.getmembers():
                if '../' in member.name:
                    print(f"Potential path traversal detected in: {member.name}")
                    return True
    except Exception as e:
        print(f"Error processing tar file: {e}")
        return False

# Example usage:
# Replace with the path to a potentially malicious tar file
tar_file = 'malicious.tar.gz'
if check_onnx_vulnerability(tar_file):
    print("Vulnerability likely present.")
else:
    print("No immediate path traversal detected.")

• generic web: Check for unusual file downloads or modifications in web server access logs, especially those related to model downloads.

1. 2025-03-20Disclosure

   disclosure

1. 已保留2024-08-13
2. 发布日期2025-03-20
3. 修改日期2025-03-27
4. EPSS 更新日期2026-04-02

最有效的缓解措施是立即升级到onnx框架1.17.0或更高版本。如果无法立即升级，可以考虑使用Web应用防火墙（WAF）来过滤恶意tar文件上传请求，并限制用户目录的写入权限。此外，可以实施严格的文件类型验证和路径清理措施，以防止攻击者绕过安全检查。在升级后，请验证文件权限和配置是否正确，确保没有被恶意覆盖。