8 matches found
Exploit for Server-Side Request Forgery in Pytorch Torchserve
CVE-2023-43654 ShellTorch is a chain of 3 Critical...
PyTorch TorchServe SSRF (CVE-2023-43654)
Binary data pytorchCVE-2023-43654.nbin...
PyTorch Model Server Registration / Deserialization Remote Code Execution Exploit
The PyTorch model server contains multiple vulnerabilities that can be chained together to permit an unauthenticated remote attacker arbitrary Java code execution. The first vulnerability is that the management interface is bound to all IP addresses and not just the loop back interface as the...
PyTorch Model Server Registration and Deserialization RCE
The PyTorch model server contains multiple vulnerabilities that can be chained together to permit an unauthenticated remote attacker arbitrary Java code execution. The first vulnerability is that the management interface is bound to all IP addresses and not just the loop back interface as the...
Warning: PyTorch Models Vulnerable to Remote Code Execution via ShellTorch
Cybersecurity researchers have disclosed multiple critical security flaws in the TorchServe tool for serving and scaling PyTorch models that could be chained to achieve remote code execution on affected systems. Israel-based runtime application security company Oligo, which made the discovery, ha...
wafl-llm (>=0.0.80 <=0.1.0) potentially affected by CVE-2023-43654 via torchserve (=0.7.1)
torchserve PYPI version =0.7.1 is affected by a known vulnerability. The following packages have a transitive dependency on torchserve and may be impacted: - wafl-llm =0.0.80, =0.1.0 Source cves: CVE-2023-43654 Source advisory: OSV:GHSA-8FXR-QFR9-P34W...
CVE-2023-43654
creationtimestamp| type| source ---|---|--- 2023-09-29 02:37:05+00:00| seen| https://t.me/cibsecurity/71245 2023-10-09 21:14:14+00:00| seen| https://t.me/GDSpace/962 2023-10-12 16:04:40+00:00| seen|...
CVE-2023-43654
CVE-2023-43654 affects PyTorch TorchServe: default configuration allows input validation bypass, enabling SSRF via remote HTTP downloads and writing files to disk. Affected versions are 0.1.0 through 0.8.1; upgrading to TorchServe 0.8.2 mitigates the issue as the default behavior was changed to w...