# PoC: DirectoryReader Path Traversal — Arbitrary File Read

**Vulnerability:** `torch/package/_directory_reader.py:35-48` — all three methods (`get_record()`, `get_storage_from_record()`, `has_record()`) build file paths by concatenating the base directory with unsanitized, user-supplied record names. A name containing `../` sequences therefore escapes the package directory and reads arbitrary files from the filesystem.
## Files

- `poc_dirreader_traversal.py` — full PoC (path traversal, filesystem probing, and a realistic malicious-package scenario)
## Quick Start

```bash
pip install torch
python poc_dirreader_traversal.py
```
## Expected Output

- `get_record("../../../../etc/passwd")` reads `/etc/passwd` (3454 bytes, 60 lines)
- `has_record()` probes the filesystem for sensitive files (SSH keys, `/proc/self/environ`, etc.)
- The realistic malicious-package scenario reads `/etc/passwd` via `DirectoryReader`
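As an added defensive example (not code from this PoC or from PyTorch), the following shows the unsanitized join pattern described above beside a containment check that resolves the record name against the package directory and rejects `..` traversal, absolute names, and symlinks that point outside the package. All paths and file contents are constructed in a temporary directory; the `secret.txt` file stands in for a sensitive file outside the package.

```python
import os
import tempfile
from pathlib import Path


def unsafe_record_path(base_dir: str, name: str) -> str:
    """The pattern described above: base directory joined with an unsanitized name.

    os.path.join() keeps '..' components and discards base_dir entirely when
    name is absolute, so a caller-controlled name can escape the package.
    """
    return os.path.join(base_dir, name)


def safe_record_path(base_dir: str, name: str) -> str:
    """Resolve name inside base_dir, rejecting anything that escapes it."""
    base = Path(base_dir).resolve()
    if os.path.isabs(name):
        raise ValueError(f"absolute record name rejected: {name!r}")
    # resolve() follows symlinks and collapses '..', so the containment check
    # below sees the real target, not the string the caller supplied.
    target = (base / name).resolve()
    if target == base:
        raise ValueError("empty record name rejected")
    try:
        target.relative_to(base)
    except ValueError:
        raise ValueError(f"record name escapes package directory: {name!r}") from None
    return str(target)


def read_record(base_dir: str, name: str, safe: bool = True) -> bytes:
    path = safe_record_path(base_dir, name) if safe else unsafe_record_path(base_dir, name)
    with open(path, "rb") as f:
        return f.read()


def has_record(base_dir: str, name: str, safe: bool = True) -> bool:
    """Existence check; the safe variant answers False instead of probing outside."""
    if safe:
        try:
            path = safe_record_path(base_dir, name)
        except ValueError:
            return False
    else:
        path = unsafe_record_path(base_dir, name)
    return os.path.isfile(path)


def _attempt(base_dir: str, name: str) -> str:
    """Outcome of a safe read: 'allowed' or 'rejected'."""
    try:
        read_record(base_dir, name, safe=True)
        return "allowed"
    except ValueError:
        return "rejected"


def demo() -> dict:
    """Exercise both variants in a throwaway directory; returns observed outcomes."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        pkg = os.path.join(root, "package")
        os.makedirs(pkg)
        with open(os.path.join(pkg, "model.py"), "wb") as f:
            f.write(b"legitimate record\n")
        # Constructed stand-in for a sensitive file outside the package directory.
        secret = os.path.join(root, "secret.txt")
        with open(secret, "wb") as f:
            f.write(b"outside the package\n")

        results["legit"] = read_record(pkg, "model.py")
        results["unsafe_traversal"] = read_record(pkg, "../secret.txt", safe=False)
        results["unsafe_probe"] = has_record(pkg, "../secret.txt", safe=False)
        results["safe_traversal"] = _attempt(pkg, "../secret.txt")
        results["safe_nested_traversal"] = _attempt(pkg, "sub/../../secret.txt")
        results["safe_absolute"] = _attempt(pkg, secret)
        results["safe_probe"] = has_record(pkg, "../secret.txt", safe=True)
        # A symlink planted inside the package that points outside of it.
        try:
            os.symlink(secret, os.path.join(pkg, "link.txt"))
            results["safe_symlink"] = _attempt(pkg, "link.txt")
        except OSError:
            results["safe_symlink"] = "skipped"  # symlink creation not permitted here
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The containment check is done on the resolved path rather than on the string, which is what closes the symlink case as well as `..`; a string-level filter for `../` would miss a link planted inside the package directory. Returning `False` from the safe `has_record()` rather than raising keeps it from doubling as a filesystem probe.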