onnx@1.12.0 vulnerabilities

Open Neural Network Exchange

Known vulnerabilities in the onnx package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
H Directory Traversal onnx is an Open Neural Network Exchange Affected versions of this package are vulnerable to Directory Traversal due to unsafe path manipulation in `external_data_helper.py`. An attacker can traverse up the directory tree from a base path to expose files outside the intended working directory. This is a bypass for the previously reported CVE-2022-25882. How to fix Directory Traversal? Upgrade `onnx` to version 1.16.0 or higher.	[,1.16.0)
M Out-of-bounds Read onnx is an Open Neural Network Exchange Affected versions of this package are vulnerable to Out-of-bounds Read due to the `ONNX_ASSERT` and `ONNX_ASSERTM` functions having an off-by-one string copy. How to fix Out-of-bounds Read? Upgrade `onnx` to version 1.16.0 or higher.	[,1.16.0)
H Directory Traversal onnx is an Open Neural Network Exchange Affected versions of this package are vulnerable to Directory Traversal as the `external_data` field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example "../../../etc/passwd" How to fix Directory Traversal? Upgrade `onnx` to version 1.13.0 or higher.	[,1.13.0)