Core ML Path Traversal via BlobFileValue.fileName (Windows)
Vulnerability
_load_file_value() in coremltools/converters/mil/frontend/milproto/load.py
sanitizes fileName with split("/")[-1], which keeps only the text after the
last forward slash. Backslashes are not treated as separators, so on Windows
a backslash directory traversal sequence passes through unchanged.
A crafted .mlpackage with fileName = "..\\..\\..\\sensitive_file" reads
arbitrary files when loaded on Windows.
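The gap between the split("/")[-1] check and a stricter one, as an added example (not coremltools code). It assumes the sanitized name is joined onto a weights directory; WEIGHTS_DIR, the sample names and the strict_basename, resolve_on_windows and stays_inside helpers are hypothetical, and ntpath is used so Windows path rules apply on any OS.

```python
import ntpath
from pathlib import PureWindowsPath

# Constructed values. WEIGHTS_DIR is hypothetical; the second sample is the
# traversal string quoted in the advisory text above.
WEIGHTS_DIR = r"C:\models\demo.mlpackage\Data\com.apple.CoreML\weights"
SAMPLES = ["@model_path/weights/weight.bin", "..\\..\\..\\sensitive_file"]


def weak_basename(file_name):
    """The check described above: only '/' counts as a separator."""
    return file_name.split("/")[-1]


def strict_basename(file_name):
    """Hypothetical stricter check: reject instead of rewriting."""
    name = file_name.split("/")[-1]
    # ntpath.basename() splits on '/', '\\' and drive prefixes, so any
    # difference means the name still carries a Windows path component.
    if name in ("", ".", "..") or "\x00" in name or ntpath.basename(name) != name:
        raise ValueError(f"unsafe fileName: {file_name!r}")
    return name


def resolve_on_windows(weights_dir, name):
    """Assumed loader behaviour: join the name onto the weights directory."""
    return ntpath.normpath(ntpath.join(weights_dir, name))


def stays_inside(weights_dir, name):
    """Containment check on the resolved path, as a second line of defence."""
    resolved = PureWindowsPath(resolve_on_windows(weights_dir, name))
    return PureWindowsPath(weights_dir) in resolved.parents


if __name__ == "__main__":
    for sample in SAMPLES:
        weak = weak_basename(sample)
        print(f"{sample!r}: weak check keeps {weak!r}")
        print(f"  resolves to {resolve_on_windows(WEIGHTS_DIR, weak)}")
        print(f"  inside weights dir: {stays_inside(WEIGHTS_DIR, weak)}")
        try:
            print(f"  strict check keeps {strict_basename(sample)!r}")
        except ValueError as exc:
            print(f"  strict check rejects: {exc}")
```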
Affected
All versions of coremltools. File: coremltools/converters/mil/frontend/milproto/load.py, line 113.