| # Core ML Path Traversal PoC | |
| Crafted `.mlpackage` with path traversal in Manifest.json `path` field. | |
| ## Usage | |
| ```bash | |
| pip install coremltools torch | |
| python poc_coreml_path_traversal.py | |
| ``` | |
| ## Root Cause | |
| `ModelPackage.cpp` line 308/466: `m_packageDataDirPath / path` without canonicalization. | |