CVE-2024-2914

A TarSlip vulnerability exists in the deepjavalibrary/djl, affecting version 0.26.0 and fixed in version 0.27.0. This vulnerability allows an attacker to manipulate file paths within tar archives to overwrite arbitrary files on the target system. Exploitation of this vulnerability could lead to remote code execution, privilege escalation, data theft or manipulation, and denial of service. The vulnerability is due to improper validation of file paths during the extraction of tar files, as demonstrated in multiple occurrences within the library's codebase, including but not limited to the files_util.py and extract_imagenet.py scripts.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector : AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/deepjavalibrary/djl/commit/5235be508cec9e8cb6f496a4ed2fa40e4f62c370
https://huntr.com/bounties/b064bd2f-bf6e-4fc0-898e-7d02a9b97e24

Configurations

No configuration.

History

No history.

Information

Published : 2024-06-06 18:15

Updated : 2024-06-07 14:56

NVD link : CVE-2024-2914

Mitre link : CVE-2024-2914

CVE.ORG link : CVE-2024-2914

JSON object : View

Products Affected

No product.

CWE

CWE-29

Path Traversal: '\..\filename'

{"id": "CVE-2024-2914", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security@huntr.dev", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-06-06T18:15:13.227", "references": [{"url": "https://github.com/deepjavalibrary/djl/commit/5235be508cec9e8cb6f496a4ed2fa40e4f62c370", "source": "security@huntr.dev"}, {"url": "https://huntr.com/bounties/b064bd2f-bf6e-4fc0-898e-7d02a9b97e24", "source": "security@huntr.dev"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security@huntr.dev", "description": [{"lang": "en", "value": "CWE-29"}]}], "descriptions": [{"lang": "en", "value": "A TarSlip vulnerability exists in the deepjavalibrary/djl, affecting version 0.26.0 and fixed in version 0.27.0. This vulnerability allows an attacker to manipulate file paths within tar archives to overwrite arbitrary files on the target system. Exploitation of this vulnerability could lead to remote code execution, privilege escalation, data theft or manipulation, and denial of service. The vulnerability is due to improper validation of file paths during the extraction of tar files, as demonstrated in multiple occurrences within the library's codebase, including but not limited to the files_util.py and extract_imagenet.py scripts."}, {"lang": "es", "value": "Existe una vulnerabilidad Tarslip en deepjavalibrary/djl, que afecta a la versi\u00f3n 0.26.0 y se corrigi\u00f3 en la versi\u00f3n 0.27.0. Esta vulnerabilidad permite a un atacante manipular rutas de archivos dentro de archivos tar para sobrescribir archivos arbitrarios en el sistema de destino. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda conducir a la ejecuci\u00f3n remota de c\u00f3digo, escalada de privilegios, robo o manipulaci\u00f3n de datos y denegaci\u00f3n de servicio. La vulnerabilidad se debe a una validaci\u00f3n inadecuada de las rutas de los archivos durante la extracci\u00f3n de archivos tar, como se demuestra en m\u00faltiples apariciones dentro del c\u00f3digo base de la librer\u00eda, incluidos, entre otros, los scripts files_util.py y extract_imagenet.py."}], "lastModified": "2024-06-07T14:56:05.647", "sourceIdentifier": "security@huntr.dev"}