Rembg
Monthly
Unauthenticated remote attackers can exploit a path traversal vulnerability in rembg's HTTP server (versions prior to 2.0.75) by sending a crafted request with a malicious model_path parameter to read arbitrary files from the server filesystem. The vulnerability allows attackers to enumerate file existence and permissions, and potentially extract file contents through verbose error messages when the server attempts to load arbitrary paths as ONNX models. This is a confirmed vulnerability with a vendor-released patch available in version 2.0.75.
Rembg is a tool to remove images background. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Rembg is a tool to remove images background. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Unauthenticated remote attackers can exploit a path traversal vulnerability in rembg's HTTP server (versions prior to 2.0.75) by sending a crafted request with a malicious model_path parameter to read arbitrary files from the server filesystem. The vulnerability allows attackers to enumerate file existence and permissions, and potentially extract file contents through verbose error messages when the server attempts to load arbitrary paths as ONNX models. This is a confirmed vulnerability with a vendor-released patch available in version 2.0.75.
Rembg is a tool to remove images background. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Rembg is a tool to remove images background. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.