1101 matches found

NVD
added 2024/10/29 9:15 p.m. · 18 views

CVE-2024-48063

In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing...

9.8 CVSS · 0.25104 EPSS
Exploits: 1 · References: 4

OSV
added 2024/10/29 9:15 p.m. · 1 view

UBUNTU-CVE-2024-48063

In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing...

9.8 CVSS · 5.8 AI score · 0.25104 EPSS
Exploits: 1 · References: 4

CNNVD
added 2024/10/29 12:00 a.m. · 2 views

PyTorch Security Vulnerability

PyTorch is a Python package from the PyTorch open source. A security vulnerability exists in PyTorch version 2.4.1 and earlier versions, which stems from RemoteModule containing a remote code execution vulnerability...

9.8 CVSS · 9.2 AI score · 0.25104 EPSS
Exploits: 1 · References: 4

Cvelist
added 2024/10/29 12:00 a.m. · 14 views

CVE-2024-48063

In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing...

0.25104 EPSS
Exploits: 1 · References: 4

Vulnrichment
added 2024/10/29 12:00 a.m. · 22 views

CVE-2024-48063

In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing...

9.6 AI score · 0.25104 EPSS
Exploits: 1 · References: 4

Positive Technologies
added 2024/10/29 12:00 a.m. · 4 views

PT-2024-32976 · Facebook +1 · Pytorch +1

Name of the Vulnerable Software and Affected Versions: PyTorch versions prior to 2.4.1. Description: The issue concerns the RemoteModule in PyTorch, which is reported to have Deserialization RCE. However, it is noted that this behavior is intended in PyTorch distributed computing and is disputed b...

9.8 CVSS · 8.9 AI score · 0.25104 EPSS
Exploits: 1 · References: 17

Debian CVE
added 2024/10/29 12:00 a.m. · 19 views

CVE-2024-48063

In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing...

9.8 CVSS · 8.3 AI score · 0.25104 EPSS
Exploits: 1

CVE
added 2024/10/29 12:00 a.m. · 109 views

CVE-2024-48063

In PyTorch

9.8 CVSS · 9.6 AI score · 0.25104 EPSS
Exploits: 1 · References: 4 · Affected Software: 1

CBLMariner
added 2024/10/15 6:24 p.m. · 20 views

CVE-2022-1941 affecting package pytorch for versions less than 2.2.2-2

CVE-2022-1941 affecting package pytorch for versions less than 2.2.2-2. A patched version of the package is available...

7.5 CVSS · 7.6 AI score · 0.00171 EPSS
Exploits: 0

Snyk
added 2024/10/01 6:41 a.m. · 1 view

Arbitrary Code Execution

Overview: sentence-transformers is a State-of-the-Art Text Embeddings. Affected versions of this package are vulnerable to Arbitrary Code Execution when loading PyTorch model files. The torch.load function, used without the weights_only=True parameter, could deserialize malicious Python objects from...

8.3 CVSS · 7.2 AI score
Exploits: 0 · References: 3

IBM Security Bulletins
added 2024/07/31 1:39 p.m. · 19 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service [CVE-2024-31580] [CVE-2024-31583]

Summary: PyTorch is used by the mapping assistance code in IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service. This bulletin provides patch information to address...

7.8 CVSS · 7.8 AI score · 0.00049 EPSS
Exploits: 0 · Affected Software: 1

CBLMariner
added 2024/07/24 12:12 a.m. · 17 views

CVE-2024-27318 affecting package pytorch for versions less than 2.2.2-1

CVE-2024-27318 affecting package pytorch for versions less than 2.2.2-1. A patched version of the package is available...

7.5 CVSS · 6.9 AI score · 0.00408 EPSS
Exploits: 0

CBLMariner
added 2024/07/24 12:12 a.m. · 9 views

CVE-2024-27319 affecting package pytorch for versions less than 2.2.2-1

CVE-2024-27319 affecting package pytorch for versions less than 2.2.2-1. A patched version of the package is available...

9.1 CVSS · 6.9 AI score · 0.00086 EPSS
Exploits: 0

NVD
added 2024/07/19 2:15 a.m. · 11 views

CVE-2024-35199

TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. In affected versions the two gRPC ports 7070 and 7071 are not bound to localhost by default, so when TorchServe is launched, these two interfaces are bound to all interfaces. Customers using PyTor...

8.2 CVSS · 0.00069 EPSS
Exploits: 0 · References: 3

NVD
added 2024/07/19 2:15 a.m. · 13 views

CVE-2024-35198

TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. TorchServe's check on allowed_urls configuration can be by-passed if the URL contains characters such as ".." but it does not prevent the model from being downloaded into the model store. Once a fi...

9.8 CVSS · 0.00177 EPSS
Exploits: 0 · References: 3

Vulnrichment
added 2024/07/18 10:40 p.m. · 10 views

CVE-2024-35198 TorchServe bypass allowed_urls configuration

TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. TorchServe's check on allowed_urls configuration can be by-passed if the URL contains characters such as ".." but it does not prevent the model from being downloaded into the model store. Once a fi...

9.8 CVSS · 6.8 AI score · 0.00177 EPSS
Exploits: 0 · References: 3

Cvelist
added 2024/07/18 10:40 p.m. · 10 views

CVE-2024-35198 TorchServe bypass allowed_urls configuration

TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. TorchServe's check on allowed_urls configuration can be by-passed if the URL contains characters such as ".." but it does not prevent the model from being downloaded into the model store. Once a fi...

9.8 CVSS · 0.00177 EPSS
Exploits: 0 · References: 3

Vulnrichment
added 2024/07/18 10:40 p.m. · 14 views

CVE-2024-35199 TorchServe gRPC Port Exposure

TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. In affected versions the two gRPC ports 7070 and 7071 are not bound to localhost by default, so when TorchServe is launched, these two interfaces are bound to all interfaces. Customers using PyTor...

8.2 CVSS · 6.8 AI score · 0.00069 EPSS
Exploits: 0 · References: 3

CVE
added 2024/07/18 10:40 p.m. · 98 views

CVE-2024-35199

CVE-2024-35199 concerns TorchServe where two gRPC ports (7070, 7071) were bound to all interfaces by default, not localhost, potentially exposing the service. The issue affects TorchServe in affected versions; the root cause is incorrect binding configuration, enabling network exposure. The advis...

8.2 CVSS · 4.7 AI score · 0.00069 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

Cvelist
added 2024/07/18 10:40 p.m. · 23 views

CVE-2024-35199 TorchServe gRPC Port Exposure

TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. In affected versions the two gRPC ports 7070 and 7071 are not bound to localhost by default, so when TorchServe is launched, these two interfaces are bound to all interfaces. Customers using PyTor...

8.2 CVSS · 0.00069 EPSS
Exploits: 0 · References: 3