MEDIUM 4.4
PYSEC-2026-685
Path Traversal in nemo-toolkit
Details
NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in which ../ Path Traversal may lead to deletion of any directory when admin privileges are available.
Are you affected?
Enter the version of the package you're using.
Affected packages
PyPI / nemo-toolkit
Introduced in:
0 Fixed in: 1.6.0 Fix
pip install --upgrade 'nemo-toolkit>=1.6.0'