OpenVINO ONNX Path Traversal PoC (CWE-22)
Security Research โ Responsible Disclosure
This repository contains a proof-of-concept malicious ONNX model demonstrating a path traversal vulnerability in OpenVINO's ONNX frontend (sanitize_path() bypass).
Files
malicious_model/malicious_model.onnxโ ONNX model with external_data location containing../traversalmalicious_model/data/โ Required subdirectory forweakly_canonical()resolutionpoc.pyโ Exploitation script
Vulnerability
OpenVINO's sanitize_path() in file_util.cpp only strips LEADING characters from {/, ., \}. A path like data/../../../etc/hostname starts with d (not in strip set), passes unchanged, and weakly_canonical() resolves the traversal.
Usage
pip install openvino onnx numpy
python poc.py
Disclaimer
This PoC is for authorized security research and responsible disclosure only. The target file is /etc/hostname (harmless, world-readable).
Inference Providers NEW
This model isn't deployed by any Inference Provider. ๐ Ask for provider support