Severity: High

Package: djl

Arbitrary File Overwrite & RCE via Tarfile Path Traversal

A vulnerability in DJL (Deep Java Library) version 0.27.0 allows arbitrary file overwrite, and potentially remote code execution, via path traversal during tar archive extraction. The issue was patched in version 0.28.0.

Available publicly on Sep 30 2024

CVSS score: 7.8

CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Threat Overview

DJL's untar function tries to prevent path traversal by rejecting archive entry names that contain relative traversal sequences (".."), but it does not reject entry names that are absolute paths. An entry named, for example, /root/.ssh/authorized_keys passes the check and is written to that absolute location instead of under the intended extraction directory, so an attacker who can get a crafted archive extracted by DJL can overwrite any file the extracting process is permitted to write. Depending on which files are reachable, the consequences range from unauthorized SSH access (overwriting authorized_keys) and compromise of a co-hosted web server to loss of availability when required files are destroyed. The CVSS vector (AV:L, UI:R) reflects that the archive must be supplied to the victim and extracted by it; the damage is bounded by the privileges of the process performing the extraction.

Attack Scenario

An attacker creates a malicious tar archive containing an entry whose name is an absolute path to a sensitive file, such as /root/.ssh/authorized_keys, with attacker-controlled content (for authorized_keys, the attacker's own public key). When DJL's untar function processes this archive, the entry is written to that absolute path and the target file is overwritten, which can give the attacker SSH access to the host or, by overwriting a file that is later executed or loaded, arbitrary code execution as the extracting user.
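The two checks contrasted above, as an added example that is not DJL's own code: DJL's actual 0.27.0 untar implementation is not reproduced here, relativeOnlyCheck is an approximation of a check that only looks for ".." segments, and the /tmp/djl-models directory and the entry names are constructed stand-ins for what a tar reader would yield.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.List;

/**
 * Added example (not DJL's code): contrasts an entry-name check that only looks
 * for ".." segments with one that also rejects absolute names, using only
 * java.nio.file. The entry names would normally come from the tar reader in use.
 */
public final class TarEntryGuard {

    /**
     * Approximation of the relative-only check the advisory describes: it rejects
     * any ".." segment, but accepts "/root/.ssh/authorized_keys" because that
     * name contains no "..".
     */
    static boolean relativeOnlyCheck(String entryName) {
        for (String segment : entryName.split("[/\\\\]")) {
            if ("..".equals(segment)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Hardened check: resolve the entry against the extraction directory,
     * normalize away "." and ".." segments, and require the result to stay inside
     * that directory. Absolute (or rooted) names are rejected outright, since
     * resolve() would otherwise return them unchanged and escape the directory.
     */
    static boolean hardenedCheck(Path destDir, String entryName) {
        Path base = destDir.toAbsolutePath().normalize();
        Path entry = Paths.get(entryName);
        if (entry.isAbsolute() || entry.getRoot() != null) {
            return false;
        }
        Path target = base.resolve(entry).normalize();
        return target.startsWith(base);
    }

    public static void main(String[] args) {
        // Assumed extraction directory; any directory works for the check itself.
        Path destDir = Paths.get("/tmp/djl-models");
        // Constructed entry names standing in for the names a tar reader would yield.
        List<String> entryNames = List.of(
                "model/resnet.params",
                "model/../../../etc/cron.d/backdoor",
                "./model/../model/synset.txt",
                "/root/.ssh/authorized_keys");
        for (String name : entryNames) {
            System.out.printf("%-40s relative-only: %-5b hardened: %-5b%n",
                    name, relativeOnlyCheck(name), hardenedCheck(destDir, name));
        }
    }
}
```

Compile and run with `javac TarEntryGuard.java && java TarEntryGuard`. The absolute authorized_keys entry is accepted by the relative-only check and rejected by the hardened one; the "./model/../model/synset.txt" entry shows that resolving and normalizing is also more precise than scanning for "..", since the normalized path stays inside the directory. A name check alone does not cover symbolic or hard link entries whose link target points outside the extraction directory; an extractor must validate those targets separately or refuse link entries.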

Who is affected

Users of DJL version 0.27.0 whose applications call the untar function on tar archives are affected, including deployments where DJL downloads and unpacks models or other resources. Exposure is greatest where the archives come from sources the operator does not fully control, such as third-party model repositories, and where the extracting process runs with privileges that let it write sensitive files. Upgrade to 0.28.0 or later.
