EasyOCR, Path Traversal, CVE-2026-44017 (High) -DC-Jun2026-170


Intro

The vulnerability stems from the EasyOCR model downloader’s lack of validation on member paths within ZIP archives. Applications often need to download and extract models from remote repositories. In EasyOCR versions prior to 2.91.0, the `zipfile.extractall()` method was used without any sanitization of the archive’s internal paths.
An attacker who can intercept or influence the model download (through techniques like a Man-in-the-Middle (MITM) attack on an unencrypted channel, DNS spoofing, or compromising the upstream repository) can inject a malicious ZIP file. This archive contains entries with paths like `../../../../etc/cron.d/backdoor` or `../../../usr/lib/python3/site-packages/easyocr/__init__.py`.
The extraction routine processes these paths as-is, performing no checks to ensure they reside within the intended output directory. The result is that the process can write arbitrary files to any location on the filesystem for which it has write permissions. The attacker can achieve persistent compromise by overwriting startup scripts, SSH keys, or core application Python files, leading to full Remote Code Execution (RCE). The flaw was fixed in version 2.91.0 by adding a safety check that uses `os.path.realpath()` to verify each member’s final destination, raising a `SecurityError` if a path traversal attempt is detected.

DailyCVE Form

Platform: Python PyPI
Version: < 2.91.0
Vulnerability: Zip Slip
Severity: High (7.5)
Date: 2026-06-02

Prediction: 2026-07-03

What Undercode Say

Affected Package: `easyocr`

Attack Vector: Network (MITM)

Check Version:

```shell
pip show easyocr | grep Version
```

Simulate a Malicious Archive:

```shell
# Create a zip that writes to /tmp/pwned
echo "pwned" > evil.txt
zip evil.zip evil.txt
# Inject path traversal (requires zipnote)
printf "evil.txt" | zipnote -w evil.zip
```

Exploit

A malicious server can respond to the model download request with a crafted ZIP. Using common Python extraction logic, the exploit looks like this:

```python
import zipfile

# Attacker-controlled archive
with zipfile.ZipFile("model.zip", "r") as zf:
    # Each file is written to the path specified in the archive
    zf.extractall("/path/to/EasyOCR/models")
```

If `model.zip` contains an entry named `../../../etc/crontab`, the file is written to the system's crontab.

Protection

Upgrade: Immediately update to version `2.91.0` or higher.

```shell
# Quote the specifier: an unquoted ">=" is a shell redirection, not a version constraint
pip install --upgrade "easyocr>=2.91.0"
```

Manual Validation: If upgrading is impossible, manually validate all extracted files.

```python
import os, zipfile

target_dir = os.path.realpath("models")
with zipfile.ZipFile("model.zip") as zf:
    for member in zf.namelist():
        path = os.path.realpath(os.path.join(target_dir, member))
        # commonpath rejects sibling directories such as "models_evil",
        # which a bare path.startswith(target_dir) check would accept
        if os.path.commonpath([target_dir, path]) != target_dir:
            raise Exception("Zip Slip detected!")
    # Only extract once every member has passed the check
    zf.extractall(target_dir)
```

Integrity Checks: Use SHA-256 checksums for downloaded models.
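The manual validation and integrity-check advice above, combined into one guarded download-and-extract routine. This is an added example, not code from EasyOCR or from the advisory: `verify_sha256`, `is_within`, `safe_extract`, `build_archive` and `run_demo` are names chosen here, the member names and digests are constructed test data, and the guard is written to be correct regardless of whatever sanitization the underlying extraction library may or may not perform. The check uses `os.path.realpath` plus `os.path.commonpath`, validates every member before writing anything, and rejects three shapes of hostile entry: `..` traversal, absolute paths, and sibling directories that share a prefix with the target.

```python
import hashlib
import hmac
import io
import os
import tempfile
import zipfile


def verify_sha256(data: bytes, expected_hex: str) -> bool:
    """Compare downloaded bytes against a pinned SHA-256 digest (hex string)."""
    actual = hashlib.sha256(data).hexdigest()
    # constant-time comparison; avoids leaking how many leading bytes matched
    return hmac.compare_digest(actual, expected_hex.lower())


def is_within(target_dir: str, member_name: str) -> bool:
    """True only if member_name resolves to a location inside target_dir.

    realpath collapses '..' and follows symlinks; commonpath rejects
    siblings such as 'models_evil' that str.startswith('models') would
    accept. Absolute member names fail because os.path.join discards
    target_dir when the second argument is absolute.
    """
    root = os.path.realpath(target_dir)
    dest = os.path.realpath(os.path.join(root, member_name))
    try:
        return os.path.commonpath([root, dest]) == root
    except ValueError:
        return False  # different drives on Windows: cannot be inside root


def safe_extract(archive: bytes, target_dir: str) -> list:
    """Extract archive bytes into target_dir, refusing any traversal member.

    Every member is validated before the first write, so one bad entry
    cannot leave a half-extracted model behind. Returns the names written.
    """
    root = os.path.realpath(target_dir)
    written = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        infos = zf.infolist()
        for info in infos:
            if not is_within(root, info.filename):
                raise ValueError(f"Zip Slip detected: {info.filename!r}")
        os.makedirs(root, exist_ok=True)
        for info in infos:
            dest = os.path.realpath(os.path.join(root, info.filename))
            if info.is_dir():
                os.makedirs(dest, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(dest), exist_ok=True)
            # write member-by-member instead of extractall(), so the paths
            # written are exactly the ones that passed is_within()
            with zf.open(info) as src, open(dest, "wb") as dst:
                dst.write(src.read())
            written.append(info.filename)
    return written


def build_archive(entries: dict) -> bytes:
    """Build an in-memory ZIP from {member_name: bytes}.

    Constructed test input for exercising the guard; member names are
    stored verbatim, including any '..' components.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def run_demo() -> dict:
    """Run the guard against one clean archive and three hostile ones."""
    root = tempfile.mkdtemp(prefix="models-")
    clean = build_archive({"detector/model.pth": b"constructed",
                           "detector/config.yaml": b"constructed"})
    hostile = {
        "traversal": build_archive({"../../etc/cron.d/backdoor": b"x"}),
        "absolute": build_archive({"/etc/crontab": b"x"}),
        "sibling": build_archive({"../" + os.path.basename(root) + "_evil/x": b"x"}),
    }
    results = {"clean": safe_extract(clean, root)}
    for label, archive in hostile.items():
        try:
            safe_extract(archive, root)
            results[label] = "written"  # would indicate a bug in the guard
        except ValueError:
            results[label] = "rejected"
    return results


if __name__ == "__main__":
    print(run_demo())
```

In a real downloader, call `verify_sha256` on the raw response body against a digest pinned in your own configuration before handing the bytes to `safe_extract`; a checksum fetched from the same untrusted channel as the archive adds nothing.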

Network Security: Enforce HTTPS for model downloads and consider using private mirrors.

Impact

Successful exploitation allows an attacker to write arbitrary files anywhere the application has permissions. This can directly lead to:
Remote Code Execution: Overwriting Python modules or system binaries.

Persistence: Inserting backdoors into startup routines.

Data Tampering: Modifying configuration or critical application data.


Sources:

Reported By: github.com