PoC: ONNX Runtime NV TensorRT RTX Path Traversal

This repository contains a proof-of-concept for a security vulnerability. It is intended for responsible disclosure via huntr.com.

Vulnerability

Inverted boolean logic in onnx_ctx_model_helper.cc (line 321) of the NV TensorRT RTX execution provider disables path traversal security checks when loading EP context models from file paths.

Vulnerable code:

bool make_secure_path_checks = ep_context_model_path_.empty();
// Should be: !ep_context_model_path_.empty();
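As an added illustration (not code from this repository or from ONNX Runtime), the following C++ models the flag from the snippet above next to a lexical directory-containment check, so the effect of the inverted condition can be seen side by side with the corrected one. All function names, file paths and the traversal string are constructed for this example.

```cpp
#include <algorithm>
#include <filesystem>
#include <string>

namespace fs = std::filesystem;

// Returns true when `filename` (the value of the onnx_model_filename
// attribute) stays inside the directory that holds the EP context model.
// Purely lexical: ".." is collapsed but symlinks are not followed; on a
// real deployment where the paths exist, prefer fs::weakly_canonical.
bool IsInsideModelDir(const std::string& ep_context_model_path,
                      const std::string& filename) {
  fs::path base = fs::absolute(fs::path(ep_context_model_path))
                      .parent_path().lexically_normal();
  fs::path candidate = (base / fs::path(filename)).lexically_normal();
  // Element-wise comparison, so "/opt/models2" is not mistaken for "/opt/models".
  auto diff = std::mismatch(base.begin(), base.end(),
                            candidate.begin(), candidate.end());
  return diff.first == base.end();
}

// The flag as the README describes it: the shipped condition is the
// inverse of the intended one (hypothetical names, not ONNX Runtime's).
bool SecureChecksVulnerable(const std::string& ep_context_model_path) {
  return ep_context_model_path.empty();   // on only when there is NO file path
}
bool SecureChecksFixed(const std::string& ep_context_model_path) {
  return !ep_context_model_path.empty();  // on whenever a file path is known
}

// Models the load decision: skip the containment check when the flag is
// off, otherwise require the referenced file to live beside the model.
bool MayOpenReferencedFile(const std::string& ep_context_model_path,
                           const std::string& filename, bool fixed) {
  bool make_secure_path_checks =
      fixed ? SecureChecksFixed(ep_context_model_path)
            : SecureChecksVulnerable(ep_context_model_path);
  if (!make_secure_path_checks) return true;  // check never runs
  return IsInsideModelDir(ep_context_model_path, filename);
}

int main() {
  const std::string model = "/opt/models/ctx_model.onnx";    // constructed
  const std::string traversal = "../../outside/secret.txt";  // constructed
  bool vulnerable = MayOpenReferencedFile(model, traversal, false);
  bool fixed = MayOpenReferencedFile(model, traversal, true);
  return (vulnerable && !fixed) ? 0 : 1;  // 0: inverted flag lets the escape through
}
```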

Files

  • malicious_ep_context_model.onnx — Crafted ONNX model with a path traversal payload in the onnx_model_filename attribute
  • poc_onnxruntime_tensorrt_rtx.py — Script that generates the PoC model and explains the vulnerability

Impact

Arbitrary file read when loading attacker-supplied ONNX models with the NvTensorRTRTX execution provider.

Researcher

Ryan — Fan Pier Labs (ryan@fanpierlabs.com)
