Lucene search

1102 matches found

CVE
added 2023/11/21 8:55 p.m. | 93 views

CVE-2023-48299

CVE-2023-48299 (TorchServe ZipSlip) affects TorchServe versions 0.1.0 through 0.9.0 via the model/workflow management API, where uploading archives could cause files to be extracted to any location within process permissions. The underlying issue is unvalidated ZIP file paths, enabling potential ...

5.3 CVSS | 5.3 AI score | 0.00433 EPSS
Exploits 0 | References 4 | Affected Software 1

Cvelist
added 2023/11/21 8:55 p.m. | 12 views

CVE-2023-48299 TorchServe ZipSlip

TorchServe is a tool for serving and scaling PyTorch models in production. Starting in version 0.1.0 and prior to version 0.9.0, using the model/workflow management API, there is a chance of uploading potentially harmful archives that contain files that are extracted to any location on the...

5.3 CVSS | 5.6 AI score | 0.00433 EPSS
Exploits 0 | References 4

Github Security Blog
added 2023/11/21 1:40 a.m. | 20 views

TorchServe ZipSlip

Impact Using the model/workflow management API, there is a chance of uploading potentially harmful archives that contain files that are extracted to any location on the filesystem that is within the process permissions. Leveraging this issue could aid third-party actors in hiding harmful code in...

5.3 CVSS | 6.6 AI score | 0.00433 EPSS
Exploits 0 | References 6 | Affected Software 1

CNNVD
added 2023/11/21 12:0 a.m. | 1 views

PyTorch Security Vulnerabilities

PyTorch is a Python package in the PyTorch open source. A security vulnerability exists in PyTorch Serve versions prior to 0.1.0 through 0.9.0, which stems from a security flaw in the model/workflow management API. An attacker can exploit this vulnerability to upload a harmful archive...

5.3 CVSS | 6.8 AI score | 0.00433 EPSS
Exploits 0 | References 5

Tenable Nessus
added 2023/10/31 12:0 a.m. | 67 views

PyTorch TorchServe SSRF (CVE-2023-43654)

Binary data pytorchCVE-2023-43654.nbin...

10 CVSS | 9.6 AI score | 0.91652 EPSS
Exploits 6 | References 2

Tenable Nessus
added 2023/10/31 12:0 a.m. | 51 views

PyTorch TorchServe < 0.8.2 SSRF

The remote host contains a torchserve version that is prior to 0.8.2. It is, therefore, affected by a Server Side Request Forgery vulnerability. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the...

10 CVSS | 8.6 AI score | 0.91652 EPSS
Exploits 6 | References 2

Tenable Nessus
added 2023/10/31 12:0 a.m. | 16 views

PyTorch TorchServe API detection

Binary data pytorchtorchservedetect.nbin...

7.3 AI score
Exploits 0 | References 1

0day.today
added 2023/10/15 12:0 a.m. | 406 views

PyTorch Model Server Registration / Deserialization Remote Code Execution Exploit

The PyTorch model server contains multiple vulnerabilities that can be chained together to permit an unauthenticated remote attacker arbitrary Java code execution. The first vulnerability is that the management interface is bound to all IP addresses and not just the loop back interface as the...

10 CVSS | 9.8 AI score | 0.93849 EPSS
Exploits 10

Rapid7 Blog
added 2023/10/13 5:3 p.m. | 46 views

Metasploit Weekly Wrap-Up

Pollution in Kibana This week, contributor h00die added a module that leverages a prototype pollution bug in Kibana prior to version 7.6.3. Particularly, this issue is within the Upgrade Assistant and enables an attacker to execute arbitrary code. This vulnerability can be triggered by sending a...

7.5 CVSS | 9 AI score | 0.93849 EPSS
Exploits 10

Packet Storm
added 2023/10/13 12:0 a.m. | 416 views

PyTorch Model Server Registration / Deserialization Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/zip' class MetasploitModule 'PyTorch Model Server Registration and Deserialization RCE', 'Description' = %q The PyTorch model server contains multiple...

10 CVSS | 9.2 AI score | 0.93849 EPSS
Exploits 10

Metasploit
added 2023/10/12 7:51 p.m. | 577 views

PyTorch Model Server Registration and Deserialization RCE

The PyTorch model server contains multiple vulnerabilities that can be chained together to permit an unauthenticated remote attacker arbitrary Java code execution. The first vulnerability is that the management interface is bound to all IP addresses and not just the loop back interface as the...

10 CVSS | 7.8 AI score | 0.93849 EPSS
Exploits 10

Hive Pro Threat Advisories
added 2023/10/09 7:24 a.m. | 21 views

Cracking ShellTorch Vulnerabilities Exposing TorchServe to RCE

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A trio of security vulnerabilities, dubbed ShellTorch, in the open-source machine-learning model TorchServe, a tool for serving and scaling PyTorch models, could be chained to achieve remote code...

7.7 AI score
Exploits 0

HackRead
added 2023/10/03 6:5 p.m. | 23 views

ShellTorch Attack Exposes Millions of PyTorch Systems to RCE Vulnerabilities

By Waqas Dubbed ShellTorch by researchers; these PyTorch vulnerabilities are troubling for the artificial intelligence AI and machine learning ML community. This is a post from HackRead.com Read the original post: ShellTorch Attack Exposes Millions of PyTorch Systems to RCE Vulnerabilities...

7.1 AI score
Exploits 0

The Hacker News
added 2023/10/03 4:24 p.m. | 117 views

Warning: PyTorch Models Vulnerable to Remote Code Execution via ShellTorch

Cybersecurity researchers have disclosed multiple critical security flaws in the TorchServe tool for serving and scaling PyTorch models that could be chained to achieve remote code execution on affected systems. Israel-based runtime application security company Oligo, which made the discovery, ha...

10 CVSS | 10.6 AI score | 0.93849 EPSS
Exploits 10

Veracode
added 2023/10/03 5:21 a.m. | 32 views

Server Side Request Forgery (SSRF)

torchserve is vulnerable to Server Side Request Forgery (SSRF). The vulnerability is caused by a missing input validation check in the default configuration for the property value of allowed_urls, which is used to restrict URLs used to load the PyTorch model in the application. This can lead to an...

10 CVSS | 6.9 AI score | 0.91652 EPSS
Exploits 6 | References 6 | Affected Software 1

OSV
added 2023/10/02 8:38 p.m. | 27 views

GHSA-4MQG-H5JF-J9M7 TorchServe Pre-Auth Remote Code Execution

Impact Use of Open Source Library potentially exposed to RCE Issue: Use of a version of the SnakeYAML v1.31 open source library with multiple issues that potentially exposes the user to unsafe deserialization of Java objects. This could allow third parties to execute arbitrary code on the target...

9.9 CVSS | 8 AI score
Exploits 0 | References 3

Prion
added 2023/09/28 11:15 p.m. | 26 views

Default configuration

TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity...

7.5 CVSS | 9.1 AI score | 0.91652 EPSS
Exploits 6 | References 4 | Affected Software 1

Cvelist
added 2023/09/28 10:10 p.m. | 26 views

CVE-2023-43654 TorchServe Server-Side Request Forgery

TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity...

10 CVSS | 9.4 AI score | 0.91652 EPSS
Exploits 6 | References 4

CVE
added 2023/09/28 10:10 p.m. | 113 views

CVE-2023-43654

CVE-2023-43654 affects PyTorch TorchServe: default configuration allows input validation bypass, enabling SSRF via remote HTTP downloads and writing files to disk. Affected versions are 0.1.0 through 0.8.1; upgrading to TorchServe 0.8.2 mitigates the issue as the default behavior was changed to w...

10 CVSS | 9.2 AI score | 0.91652 EPSS
In wild | Exploits 6 | References 4 | Affected Software 1

CNNVD
added 2023/09/28 12:0 a.m. | 3 views

PyTorch Code Issues Vulnerabilities

PyTorch is a Python package open-sourced by PyTorch. A code issue vulnerability exists in PyTorch Serve versions 0.1.0 through 0.8.1 that stems from a lack of input validation...

10 CVSS | 7 AI score | 0.91652 EPSS
Exploits 6 | References 6