{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-25T17:28:07.855","vulnerabilities":[{"cve":{"id":"CVE-2024-7776","sourceIdentifier":"security@huntr.dev","published":"2025-03-20T10:15:37.520","lastModified":"2025-03-26T17:20:27.680","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the `download_model` function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker to overwrite files in the user's directory, potentially leading to remote command execution."},{"lang":"es","value":"Una vulnerabilidad en la función `download_model` del framework onnx/onnx, anterior a la versión 1.16.1 incluida, permite la sobrescritura arbitraria de archivos debido a la prevención inadecuada de ataques de path traversal en archivos tar maliciosos. Esta vulnerabilidad puede ser explotada por un atacante para sobrescribir archivos en el directorio del usuario, lo que podría provocar la ejecución remota de comandos."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:onnx:onnx:*:*:*:*:*:*:*:*","versionEndIncluding":"1.16.1","matchCriteriaId":"F3C3A586-29F2-4E07-AF43-2C1428A90EF2"}]}]}],"references":[{"url":"https://huntr.com/bounties/a7a46cf6-1fa0-454b-988c-62d222e83f63","source":"security@huntr.dev","tags":["Exploit","Third Party Advisory"]},{"url":"https://huntr.com/bounties/a7a46cf6-1fa0-454b-988c-62d222e83f63","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]}]}}]}