PreferredAI Cornac
- < 2.6.0
A path traversal vulnerability has been identified in Cornac versions prior to 2.6.0. This vulnerability, classified as a 'Tar Slip' issue, allows attackers to write arbitrary files outside the designated cache directory. The vulnerability arises from the _extract_archive() function in cornac/utils/download.py, which can be exploited by sending a crafted TAR archive that includes ../ sequences, absolute paths, or symlink/hardlink entries. The built-in dataset loaders can trigger this vulnerability by automatically downloading and extracting archives, which causes archive.extractall() to write files to unintended locations on the filesystem that are accessible to the running process.
Exploitation of this vulnerability could lead to unauthorized writing of files to arbitrary locations on the filesystem, potentially overwriting critical files or causing other disruptions.
To reproduce this vulnerability, use a Cornac version prior to 2.6.0 and upload a TAR archive through the built-in dataset loaders that contains path traversal sequences, absolute paths, or symlink/hardlink entries. The archive will be extracted by the _extract_archive() function, allowing files to be written outside the intended cache directory.
Users can upgrade to Cornac version 2.6.0 or later, where this vulnerability has been fixed.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.