147 matches found
CVE-2026-1778 TLS disabled by default in select aws/sagemaker-python-sdk configurations
Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed...
CVE-2026-1778 TLS disabled by default in select aws/sagemaker-python-sdk configurations
Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed...
CVE-2026-1778 TLS disabled by default in select aws/sagemaker-python-sdk configurations
Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed...
CVE-2026-1777 Cleartext transmission of sensitive materials in aws/sagemaker-python-sdk
The Amazon SageMaker Python SDK before v3.2.0 and v2.256.0 includes the ModelBuilder HMAC signing key in the cleartext response elements of the DescribeTrainingJob function. A third party with permissions to both call this API and permissions to modify objects in the Training Jobs S3 output...
CVE-2026-1777
The Amazon SageMaker Python SDK before v3.2.0 and v2.256.0 includes the ModelBuilder HMAC signing key in the cleartext response elements of the DescribeTrainingJob function. A third party with permissions to both call this API and permissions to modify objects in the Training Jobs S3 output...
CVE-2026-1777 Cleartext transmission of sensitive materials in aws/sagemaker-python-sdk
The Amazon SageMaker Python SDK before v3.2.0 and v2.256.0 includes the ModelBuilder HMAC signing key in the cleartext response elements of the DescribeTrainingJob function. A third party with permissions to both call this API and permissions to modify objects in the Training Jobs S3 output...
Amazon SageMaker Python SDK 安全漏洞
Amazon SageMaker Python SDK is a development toolkit provided by Amazon, Inc., for building, training, and deploying machine learning models. Versions of the Amazon SageMaker Python SDK prior to v3.1.1 and v2.256.0 contained security vulnerabilities. These vulnerabilities stemmed from the disabli...
Amazon SageMaker Python SDK 安全漏洞
Amazon SageMaker Python SDK is a development toolkit provided by Amazon, Inc., for building, training, and deploying machine learning models. Versions of the Amazon SageMaker Python SDK prior to v3.2.0 and v2.256.0 contained security vulnerabilities. These vulnerabilities stemmed from the plainte...
PT-2026-6479
Summary SageMaker Python SDK is an open source library for training and deploying machine learning models on Amazon SageMaker. An issue where the HMAC secret key is stored in environment variables and disclosed via the DescribeTrainingJob API has been identified. Impact - Function and Payload...
PT-2026-5709
Name of the Vulnerable Software and Affected Versions Amazon SageMaker Python SDK versions prior to 3.1.1 Amazon SageMaker Python SDK versions prior to 2.256.0 Description The SageMaker Python SDK has an issue where TLS certificate verification is disabled for HTTPS connections when importing a...
PT-2026-5708
Name of the Vulnerable Software and Affected Versions Amazon SageMaker Python SDK versions prior to 3.2.0 Amazon SageMaker Python SDK versions prior to 2.256.0 Description The Amazon SageMaker Python SDK contains the ModelBuilder HMAC signing key in cleartext within the response elements of the...
CVE-2024-34073
sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected versions the capturedependencies function in sagemaker.serve.saveretrive.version100.save.utils module allows for potentially unsafe Operating System OS Command Injection if...
MLflow SageMaker Command Injection Vulnerability
Description The vulnerability exists in /mlflow/sagemaker/init.py at lines 161-167, where user-supplied container image names are directly interpolated into shell commands without proper sanitization before being passed to os.system. Vulnerable Code Path : CLI Input --container parameter ↓...
EUVD-2024-43982
Malicious code in bioql PyPI...
EUVD-2024-1498
Malicious code in bioql PyPI...
EUVD-2024-1835
Malicious code in bioql PyPI...
EUVD-2025-6837
Malicious code in bioql PyPI...
Out-of-bounds Write
Overview nvidia-pytriton is a PyTriton - Flask/FastAPI-like interface to simplify Triton's deployment in Python environments. Affected versions of this package are vulnerable to Out-of-bounds Write via the HTTP and Sagemaker request handler. An attacker could cause an out-of-bounds write through ...
MAL-2025-191680 Malicious code in amzn-sagemaker-studio (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a557d275cca7627fa4d3e2c72f0fc9b78fc5ac70aa87a0ab586f1abf9f8777a6 Package exfiltrates the environment variables during the import --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaig...
MAL-2025-32622 Malicious code in sagemaker_examples (npm)
The package sagemakerexamples was found to contain malicious code...