Safety vulnerability ID: 76271
The information on this page was manually curated by our Cybersecurity Intelligence Team.
A vulnerability in the ImageClassificationDataset.from_csv() API of the dmlc/gluon-cv repository, version 0.10.0, allows for arbitrary file write. The function downloads and extracts tar.gz files from URLs without proper sanitization, making it susceptible to a TarSlip vulnerability. Attackers can exploit this by crafting malicious tar files that, when extracted, can overwrite files on the victim's system via path traversal or faked symlinks.
Latest version: 0.10.5.post0
Gluon CV Toolkit
This vulnerability has no description
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application