PoC: DirectoryReader Path Traversal — Arbitrary File Read

Vulnerability: torch/package/_directory_reader.py:35-48 — All three methods (get_record(), get_storage_from_record(), has_record()) construct file paths by concatenating the base directory with unsanitized user-supplied names. Path traversal via ../ sequences reads arbitrary files from the filesystem.

Files

poc_dirreader_traversal.py — Full PoC (path traversal + filesystem probing + realistic scenario)

Quick Start

pip install torch
python poc_dirreader_traversal.py

Expected Output

get_record("../../../../etc/passwd") reads /etc/passwd (3454 bytes, 60 lines)
has_record() probes filesystem for sensitive files (SSH keys, /proc/self/environ, etc.)
Realistic malicious package scenario reads /etc/passwd via DirectoryReader