CVE-2023-5245
HIGHMLeap < 0.23.1 - Path Traversal and Remote Code Execution via FileUtil.extract()
Title source: llmDescription
FileUtil.extract() enumerates all zip file entries and extracts each file without validating whether file paths in the archive are outside the intended directory. When creating an instance of TensorflowModel using the saved_model format and an exported tensorflow model, the apply() function invokes the vulnerable implementation of FileUtil.extract(). Arbitrary file creation can directly lead to code execution
References (2)
Core 2
Core References
Issue Tracking, Patch patch
https://github.com/combust/mleap/pull/866#issuecomment-1738032225
Exploit, Third Party Advisory third-party-advisory
https://research.jfrog.com/vulnerabilities/mleap-path-traversal-rce-xray-532656/
Scores
CVSS v3
7.5
EPSS
0.0119
EPSS Percentile
63.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-22
Status
published
Products (3)
combust/mleap
0.18.0
combust/mleap
0.23.0
ml.combust.mleap/mleap-runtime_2.12
0 - 0.23.1Maven
Published
Nov 15, 2023
Tracked Since
Feb 18, 2026