---
license: mit
tags:
- security-research
- vulnerability-poc
---
# TFjs-node Path Traversal PoC (CWE-22)

**Security Research — Responsible Disclosure**

Path traversal in `@tensorflow/tfjs-node` via `weightsManifest.paths` in `model.json` allows arbitrary file read.
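A pre-load check a consumer of untrusted models could run on `model.json` before handing it to the loader. This is an added example, not code from this PoC or from TensorFlow.js; the function names and the sample manifest are hypothetical, and it assumes each `weightsManifest[].paths` entry is resolved relative to the directory containing `model.json`.

```javascript
// Added example: containment check for weightsManifest paths (not tfjs code).
const path = require('path');

// Return every weightsManifest path that would resolve outside modelDir.
// modelDir: directory holding model.json; manifest: the parsed model.json.
function findEscapingWeightPaths(modelDir, manifest) {
  const root = path.posix.resolve(modelDir);
  const groups = Array.isArray(manifest.weightsManifest) ? manifest.weightsManifest : [];
  const bad = [];
  for (const group of groups) {
    const paths = Array.isArray(group.paths) ? group.paths : [];
    for (const p of paths) {
      // Reject non-strings, empty names, NUL bytes and Windows separators outright.
      if (typeof p !== 'string' || p === '' || p.includes('\0') || p.includes('\\')) {
        bad.push(p);
        continue;
      }
      // Absolute entries replace root in resolve(), so they fail the test below too.
      const rel = path.posix.relative(root, path.posix.resolve(root, p));
      if (rel === '' || rel === '..' || rel.startsWith('../')) {
        bad.push(p);
      }
    }
  }
  return bad;
}

// Throw before any weight file is opened if the manifest points outside modelDir.
function assertManifestContained(modelDir, manifest) {
  const bad = findEscapingWeightPaths(modelDir, manifest);
  if (bad.length > 0) {
    throw new Error('weightsManifest paths escape model directory: ' + JSON.stringify(bad));
  }
}

// Constructed sample manifest: the first group is benign, the second is not.
const sampleManifest = {
  weightsManifest: [
    { paths: ['group1-shard1of1.bin', 'sub/shard2.bin'], weights: [] },
    { paths: ['../outside.bin', 'sub/../../outside2.bin', '/abs/outside3.bin', 'a\\..\\b'], weights: [] },
  ],
};
```

The check is lexical only: if the model directory can contain symlinks, compare `fs.realpathSync` results as well before opening any file.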

## Usage

```bash
npm install @tensorflow/tfjs @tensorflow/tfjs-node
node poc.js
```

## Disclaimer

For authorized security research only. Target file is `/etc/hostname` (harmless).