15 matches found
CVE-2026-1778
Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed...
CVE-2024-34073
sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected versions the capturedependencies function in sagemaker.serve.saveretrive.version100.save.utils module allows for potentially unsafe Operating System OS Command Injection if...
EUVD-2024-1835
Malicious code in bioql PyPI...
aggregation-agent (>=0.1.2 <=0.1.11), airflow-add-ons (>=0.2.7 <=0.2.15) +123 more potentially affected by CVE-2025-5279 via redshift-connector (>=2.0.888 <=2.1.2)
redshift-connector PYPI version =2.0.888, =0.1.2, =0.2.7, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.0.3, =0.1.0, =3.1.0rc1, =1.0.0, =1.0.4 - arrowjet =0.1.0 - astronomer-providers =1.0.0 - authz-analyzer =0.1.1 and more Source cves: CVE-2025-5279 Source advisory: OSV:GHSA-R244-WG5G-6W2R...
CVE-2024-35198 TorchServe bypass allowed_urls configuration
TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. TorchServe 's check on allowedurls configuration can be by-passed if the URL contains characters such as ".." but it does not prevent the model from being downloaded into the model store. Once a fi...
CVE-2024-35199 TorchServe gRPC Port Exposure
TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. In affected versions the two gRPC ports 7070 and 7071, are not bound to localhost by default, so when TorchServe is launched, these two interfaces are bound to all interfaces. Customers using PyTor...
CVE-2024-35199
CVE-2024-35199 concerns TorchServe where two gRPC ports (7070, 7071) were bound to all interfaces by default, not localhost, potentially exposing the service. The issue affects TorchServe in affected versions; the root cause is incorrect binding configuration, enabling network exposure. The advis...
TorchServe vulnerable to bypass of allowed_urls configuration
Impact TorchServe's check on allowedurls configuration can be by-passed if the URL contains characters such as ".." but it does not prevent the model from being downloaded into the model store. Once a file is downloaded, it can be referenced without providing a URL the second time, which...
CVE-2024-34073
sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected versions the capturedependencies function in sagemaker.serve.saveretrive.version100.save.utils module allows for potentially unsafe Operating System OS Command Injection if...
CVE-2024-34072 Deserialization of Untrusted Data in sagemaker-python-sdk
sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. The sagemaker.basedeserializers.NumpyDeserializer module before v2.218.0 allows potentially unsafe deserialization when untrusted data is passed as pickled object arrays. This consequently ma...
CVE-2024-34072 Deserialization of Untrusted Data in sagemaker-python-sdk
sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. The sagemaker.basedeserializers.NumpyDeserializer module before v2.218.0 allows potentially unsafe deserialization when untrusted data is passed as pickled object arrays. This consequently ma...
CVE-2024-34073 Command Injection in sagemaker-python-sdk
sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected versions the capturedependencies function in sagemaker.serve.saveretrive.version100.save.utils module allows for potentially unsafe Operating System OS Command Injection if...
CVE-2024-34073
The CVE concerns the sagemaker-python-sdk, where the capture_dependencies function in sagemaker.serve.save_retrive.version_1_0_0.save.utils allows potentially unsafe OS command injection if a malicious requirements_path is passed. This could enable remote code execution, denial of service, and co...
CVE-2024-34073 Command Injection in sagemaker-python-sdk
sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected versions the capturedependencies function in sagemaker.serve.saveretrive.version100.save.utils module allows for potentially unsafe Operating System OS Command Injection if...
Wiz launches support for Amazon SageMaker, helping organizations innovate faster and more securely with AI
Wiz helps accelerate the machine learning journey for practitioners by protecting their generative AI applications...