---
license: mit
tags:
- security-research
- vulnerability-poc
---
# coremltools .mlpackage Path Traversal PoC (CWE-22)

**Security Research — Responsible Disclosure**

This repository contains a proof-of-concept malicious `.mlpackage` demonstrating a path traversal vulnerability (CWE-22) in the `Manifest.json` handling of Apple coremltools' ModelPackage loader.
## Files

- `malicious.mlpackage/` — malicious `.mlpackage` directory whose `Manifest.json` carries a traversal path
- `poc.py` — exploitation script
## Vulnerability

coremltools does not validate the `path` field of the item entries in `.mlpackage/Manifest.json`. A manifest whose root-model entry contains `../` sequences makes `getRootModel().path()` return a location outside the package directory, and `load_spec()` then opens that file in place of the package's own model specification. Any file readable by the process that loads the package can be targeted this way, so loading an untrusted `.mlpackage` is enough to trigger it. The fix is to canonicalise the resolved path and reject any entry that does not stay inside the package directory.
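The mechanism above, reproduced as an added example that is not part of this repository and not coremltools' own code: a stand-alone resolver reads a constructed `Manifest.json` in the `.mlpackage` layout (`itemInfoEntries` keyed by identifier, `rootModelIdentifier`, and a per-item `path` that this example assumes is joined under the package's `Data/` directory), first the way the unchecked loader does and then with the containment check a fix needs. The identifier, file names and function names are this example's own, and the "secret" file stands in for `/etc/hostname` so nothing outside a temporary directory is touched.

```python
"""Added example (not coremltools' code): show how an unchecked manifest path
escapes an .mlpackage, and the containment check that rejects it."""
import json
import tempfile
from pathlib import Path

# Placeholder identifier for the root model entry; the real PoC's value is not shown here.
ROOT_ID = "00000000-0000-0000-0000-000000000000"


def write_package(parent: Path, model_path: str) -> Path:
    """Create a minimal .mlpackage whose root-model entry points at model_path."""
    pkg = parent / "poc.mlpackage"
    (pkg / "Data").mkdir(parents=True, exist_ok=True)
    manifest = {
        "fileFormatVersion": "1.0.0",
        "itemInfoEntries": {
            ROOT_ID: {
                "author": "example",
                "description": "CoreML Model Specification",
                "name": "model.mlmodel",
                "path": model_path,  # attacker-controlled; never validated by the naive loader
            }
        },
        "rootModelIdentifier": ROOT_ID,
    }
    (pkg / "Manifest.json").write_text(json.dumps(manifest, indent=2))
    return pkg


def _root_entry(pkg: Path) -> dict:
    manifest = json.loads((pkg / "Manifest.json").read_text())
    return manifest["itemInfoEntries"][manifest["rootModelIdentifier"]]


def root_model_path_unchecked(pkg: Path) -> Path:
    """Naive resolution (assumed to mirror the vulnerable behaviour): join the
    manifest path under Data/ and trust it. "../../secret.txt" walks out of the package."""
    return pkg / "Data" / _root_entry(pkg)["path"]


def root_model_path_checked(pkg: Path) -> Path:
    """Hardened resolution: canonicalise, then require the result to stay under Data/.

    resolve() collapses "..", normalises separators and follows symlinks, so the
    containment check also catches symlink escapes and absolute paths
    (Path("Data") / "/etc/hostname" is simply Path("/etc/hostname"))."""
    data_dir = (pkg / "Data").resolve()
    candidate = (data_dir / _root_entry(pkg)["path"]).resolve()
    try:
        candidate.relative_to(data_dir)
    except ValueError:
        raise ValueError(f"manifest path escapes the package: {candidate}") from None
    return candidate


def demo() -> dict:
    """Build a traversal package beside a constructed 'secret' file and resolve it both ways."""
    with tempfile.TemporaryDirectory() as tmp:
        parent = Path(tmp)
        secret = parent / "secret.txt"
        secret.write_text("not a model")  # constructed stand-in for /etc/hostname
        pkg = write_package(parent, "../../secret.txt")  # Data/../../ lands in parent

        unchecked = root_model_path_unchecked(pkg).resolve()
        try:
            root_model_path_checked(pkg)
            rejected = False
        except ValueError:
            rejected = True

        # An absolute manifest path is rejected by the same check.
        absolute = write_package(parent / "abs", "/etc/hostname")
        try:
            root_model_path_checked(absolute)
            absolute_rejected = False
        except ValueError:
            absolute_rejected = True

        # A well-formed package is still accepted by the hardened resolver.
        benign = write_package(parent / "ok", "com.apple.CoreML/model.mlmodel")
        model_dir = benign / "Data" / "com.apple.CoreML"
        model_dir.mkdir(parents=True)
        (model_dir / "model.mlmodel").write_bytes(b"")
        benign_ok = root_model_path_checked(benign).name == "model.mlmodel"

        return {
            "unchecked_reads_secret": unchecked == secret.resolve(),
            "unchecked_content": unchecked.read_text(),
            "checked_rejected": rejected,
            "absolute_rejected": absolute_rejected,
            "benign_accepted": benign_ok,
        }


if __name__ == "__main__":
    print(demo())
```

The check compares canonical paths rather than scanning the string for `..`: string filters miss encodings, symlinks and absolute paths, whereas `resolve()` followed by `relative_to()` answers the only question that matters, namely whether the file the loader is about to open is inside the package.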
## Usage

```bash
pip install coremltools
python poc.py
```
## Disclaimer

This PoC is for authorized security research and responsible disclosure only. The manifest targets `/etc/hostname`, a harmless, world-readable file, so running it discloses nothing sensitive.