CVSS 3.1 Score 7.5 of 10 (high)


Published Feb 23, 2024
Updated: Mar 30, 2024


CVE-2024-27318 is a vulnerability that affects versions of the package onnx before and including 1.15.0. It is categorized as a Directory Traversal vulnerability, specifically CWE-22 (Improper Limitation of a Pathname to a Restricted Directory). The vulnerability allows the external_data field of the tensor proto to have a path to a file outside the model's current directory or user-provided directory. This vulnerability bypasses the patch added for CVE-2022-25882. The base severity of this vulnerability is HIGH, with a base score of 7.5 according to CVSS version 3.1. It has a potential impact on confidentiality, with no required privileges or user interaction needed for exploitation. The exploitability score is 3.9, indicating medium ease of exploitation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.


Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future

Note: This is just a basic overview providing quick insights into CVE-2024-27318 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future
  • Gain complete coverage of your cyber, third party, and physical attack surface
  • Proactively mitigate threats before they turn into costly attacks
  • Make fast, effective, data-driven decisions