# Core ML Path Traversal via BlobFileValue.fileName (Windows)
## Vulnerability

`_load_file_value()` in `coremltools/converters/mil/frontend/milproto/load.py` reduces the `fileName` of a `BlobFileValue` to a bare file name with `split("/")[-1]`. That strips only forward-slash path components; backslashes pass through untouched. On Windows the backslash is a path separator, so when the loader resolves the surviving `..\\` components relative to the package directory they walk upward out of it. A crafted .mlpackage whose blob `fileName` is `..\\..\\..\\sensitive_file` therefore makes the loader open a file outside the package when the model is loaded on Windows, and since the attacker chooses the path, any file the loading user can read is reachable. On POSIX hosts the same payload is a single literal file name containing backslashes and does not traverse.
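The following is an added example, not code from coremltools or from the advisory author. It places the `split("/")[-1]` pattern described above next to a hardened resolver, and uses `ntpath` so the Windows path resolution can be checked on any host. The weight directory, the `weights/weight.bin` sample name, the function names and the `UnsafeFileName` exception are all hypothetical.

```python
"""Added example (not coremltools code): the advisory's sanitiser beside a hardened one.

The weight directory, sample file names, function names and the exception are hypothetical.
ntpath is used so the Windows join/normalisation behaviour is reproducible on any host.
"""
import ntpath

# Hypothetical weight directory inside an .mlpackage on a Windows host.
WEIGHTS_DIR = r"C:\models\demo.mlpackage\Data\weights"


def sanitize_vulnerable(file_name: str) -> str:
    """The pattern from the advisory: keep only what follows the last '/'.

    '..\\..\\..\\sensitive_file' contains no '/', so it is returned unchanged.
    """
    return file_name.split("/")[-1]


def resolve_on_windows(base_dir: str, file_name: str) -> str:
    """Join and normalise exactly as os.path would on Windows (ntpath works on any host)."""
    return ntpath.normpath(ntpath.join(base_dir, file_name))


class UnsafeFileName(ValueError):
    """Raised when a blob fileName cannot be reduced to a file inside the weight directory."""


def safe_weight_path(weights_dir: str, file_name: str) -> str:
    """Hardened resolution: separator-agnostic basename plus a containment check.

    ntpath.basename splits on both '/' and '\\' and drops any drive prefix, so it
    behaves identically on Windows and POSIX hosts. The containment check is the
    real guarantee: whatever survives must resolve to a direct child of weights_dir.
    """
    name = ntpath.basename(file_name)
    if name in ("", ".", ".."):
        raise UnsafeFileName(f"no usable file name in {file_name!r}")
    full = ntpath.normpath(ntpath.join(weights_dir, name))
    expected_parent = ntpath.normcase(ntpath.normpath(weights_dir))
    if ntpath.normcase(ntpath.dirname(full)) != expected_parent:
        raise UnsafeFileName(f"{file_name!r} escapes {weights_dir!r}")
    return full


def is_rejected(weights_dir: str, file_name: str) -> bool:
    """True if the hardened resolver refuses the name (used by the self-check below)."""
    try:
        safe_weight_path(weights_dir, file_name)
    except UnsafeFileName:
        return True
    return False


if __name__ == "__main__":
    payload = "..\\..\\..\\sensitive_file"   # constructed attacker-controlled fileName
    benign = "weights/weight.bin"            # constructed benign fileName

    # Vulnerable path: the payload survives split("/") and resolves to C:\models\sensitive_file.
    print("vulnerable:", resolve_on_windows(WEIGHTS_DIR, sanitize_vulnerable(payload)))
    print("vulnerable:", resolve_on_windows(WEIGHTS_DIR, sanitize_vulnerable(benign)))
    # Hardened path: the payload collapses to 'sensitive_file' inside the weight directory.
    print("hardened:  ", safe_weight_path(WEIGHTS_DIR, payload))
    print("hardened:  ", "rejected '..\\\\'" if is_rejected(WEIGHTS_DIR, "..\\") else "accepted")
```

Note that `os.path.basename` is not a fix on its own: on a POSIX build host it is `posixpath.basename`, which splits only on `/`, so a test suite run on Linux would pass while the Windows behaviour stays broken. The containment check after normalisation is what actually closes the hole, independent of which separator the attacker used.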
## Affected

coremltools, all versions, when loading a model on a Windows host (POSIX hosts are not affected). File: `coremltools/converters/mil/frontend/milproto/load.py`, line 113.