MONAI Path Traversal Vulnerability in NGC Private Bundle Download
Vulnerability
A path traversal vulnerability, known as Zip Slip, has been identified in the MONAI toolkit for healthcare imaging, specifically in versions through 1.5.1. The vulnerability arises in the `_download_from_ngc_private()` function, which uses `zipfile.ZipFile.extractall()` to extract files from a ZIP archive without proper path validation. This oversight could allow a malicious ZIP file to write files outside the intended extraction directory. In contrast, other download functions in MONAI's codebase correctly utilize a safe extraction method that prevents such path traversal.
Impact
Exploitation of this vulnerability could lead to unauthorized file writes outside the designated extraction directory, potentially overwriting existing files or creating new ones in sensitive locations. The actual impact would depend on the user's permissions, the location where the files are written, and the Python version in use.
Reproduction
To reproduce this vulnerability, create a malicious ZIP file containing a path traversal entry, such as a file intended to be extracted outside the normal directory structure. Then, use MONAI's `_download_from_ngc_private()` function to download from an NGC private repository, ensuring that the `source="ngc_private"` parameter is used. The vulnerable extraction method will allow the path traversal entry to escape the intended directory.
Remediation
Users can update to MONAI version 1.5.2 or later, where this vulnerability has been fixed. The patch replaces the direct use of `zipfile.ZipFile.extractall()` with a call to MONAI's safe extraction utility, which properly validates member paths to prevent path traversal attacks.
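The check that separates the two extraction paths described above is containment: every member name must resolve to a location inside the destination directory before anything is written. The following is an added illustration, not MONAI's code and not the utility the patch uses (the page does not name it); `find_unsafe_members`, `safe_extractall` and the sample archives are constructed here for the demonstration. The hostile archive is built in memory purely to show the check rejecting it.

```python
"""Zip Slip containment check: refuse archive members that would land outside dest."""
from __future__ import annotations

import io
import os
import tempfile
import zipfile
from pathlib import Path


def find_unsafe_members(zf: zipfile.ZipFile, dest: str) -> list[str]:
    """Return the names of archive members whose extraction path escapes dest.

    A member is unsafe if its name is absolute, carries a drive letter, or
    resolves (after '..' normalisation) to a location outside dest.
    """
    base = Path(dest).resolve()
    unsafe: list[str] = []
    for info in zf.infolist():
        name = info.filename
        # Absolute paths and Windows drive letters never belong in a bundle.
        if name.startswith(("/", "\\")) or os.path.splitdrive(name)[0]:
            unsafe.append(name)
            continue
        # Resolve the would-be target and require it to sit under base.
        target = (base / name).resolve()
        if base != target and base not in target.parents:
            unsafe.append(name)
    return unsafe


def safe_extractall(archive: str | io.BytesIO, dest: str) -> list[str]:
    """Extract archive into dest only if every member passes the containment check.

    Raises ValueError (and extracts nothing) if any member is unsafe, so a
    single hostile entry cannot slip through alongside legitimate files.
    """
    with zipfile.ZipFile(archive) as zf:
        bad = find_unsafe_members(zf, dest)
        if bad:
            raise ValueError(f"refusing to extract, unsafe member paths: {bad}")
        zf.extractall(dest)
        return [info.filename for info in zf.infolist()]


def build_archive(entries: dict[str, bytes]) -> bytes:
    """Build an in-memory ZIP from {member_name: content} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def demo() -> dict[str, object]:
    """Run the check on a benign bundle-like archive and on one with a traversal entry."""
    # Constructed sample archives; the member names are hypothetical.
    benign = build_archive({"bundle/configs/metadata.json": b"{}",
                            "bundle/models/model.pt": b"\x00"})
    hostile = build_archive({"bundle/ok.txt": b"ok", "../escape.txt": b"outside"})
    results: dict[str, object] = {}
    with tempfile.TemporaryDirectory() as tmp:
        results["benign_extracted"] = safe_extractall(io.BytesIO(benign), tmp)
        try:
            safe_extractall(io.BytesIO(hostile), tmp)
            results["hostile_rejected"] = False
        except ValueError:
            results["hostile_rejected"] = True
        with zipfile.ZipFile(io.BytesIO(hostile)) as zf:
            results["hostile_unsafe_members"] = find_unsafe_members(zf, tmp)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The check runs over the whole member list before any file is written, so a mixed archive is rejected outright rather than partially extracted. Note that recent CPython releases already strip `..` components and leading separators inside `ZipFile.extractall()`, which is why the advisory says the real impact depends on the Python version; an explicit containment check like this one does not rely on that behaviour and fails closed regardless of interpreter.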
