Lucene search
+L

8 matches found

GithubExploit
GithubExploit
added 2024/05/28 10:2 a.m.135 views

Exploit for Server-Side Request Forgery in Pytorch Torchserve

CVE-2023-43654 ShellTorch is a chain of 3 Critical...

10CVSS9.9AI score0.35256EPSS
Exploits6
Tenable Nessus
Tenable Nessus
added 2023/10/31 12:0 a.m.74 views

PyTorch TorchServe SSRF (CVE-2023-43654)

Binary data pytorchCVE-2023-43654.nbin...

10CVSS9.6AI score0.35256EPSS
Exploits6References2
0day.today
0day.today
added 2023/10/15 12:0 a.m.436 views

PyTorch Model Server Registration / Deserialization Remote Code Execution Exploit

The PyTorch model server contains multiple vulnerabilities that can be chained together to permit an unauthenticated remote attacker arbitrary Java code execution. The first vulnerability is that the management interface is bound to all IP addresses and not just the loop back interface as the...

10CVSS9.8AI score0.99615EPSS
Exploits13
Metasploit
Metasploit
added 2023/10/12 7:51 p.m.633 views

PyTorch Model Server Registration and Deserialization RCE

The PyTorch model server contains multiple vulnerabilities that can be chained together to permit an unauthenticated remote attacker arbitrary Java code execution. The first vulnerability is that the management interface is bound to all IP addresses and not just the loop back interface as the...

10CVSS7.8AI score0.99615EPSS
Exploits13
The Hacker News
The Hacker News
added 2023/10/03 4:24 p.m.127 views

Warning: PyTorch Models Vulnerable to Remote Code Execution via ShellTorch

Cybersecurity researchers have disclosed multiple critical security flaws in the TorchServe tool for serving and scaling PyTorch models that could be chained to achieve remote code execution on affected systems. Israel-based runtime application security company Oligo, which made the discovery, ha...

10CVSS10.6AI score0.99615EPSS
Exploits13
vulnersOsv
vulnersOsv
added 2023/10/02 8:39 p.m.6 views

wafl-llm (>=0.0.80 <=0.1.0) potentially affected by CVE-2023-43654 via torchserve (=0.7.1)

torchserve PYPI version =0.7.1 is affected by a known vulnerability. The following packages have a transitive dependency on torchserve and may be impacted: - wafl-llm =0.0.80, =0.1.0 Source cves: CVE-2023-43654 Source advisory: OSV:GHSA-8FXR-QFR9-P34W...

10CVSS7.4AI score0.35256EPSS
Exploits6
Circl
Circl
added 2023/09/29 2:37 a.m.17 views

CVE-2023-43654

creationtimestamp| type| source ---|---|--- 2023-09-29 02:37:05+00:00| seen| https://t.me/cibsecurity/71245 2023-10-09 21:14:14+00:00| seen| https://t.me/GDSpace/962 2023-10-12 16:04:40+00:00| seen|...

10CVSS7.4AI score0.35256EPSS
Exploits6References9
CVE
CVE
added 2023/09/28 10:10 p.m.142 views

CVE-2023-43654

CVE-2023-43654 affects PyTorch TorchServe: default configuration allows input validation bypass, enabling SSRF via remote HTTP downloads and writing files to disk. Affected versions are 0.1.0 through 0.8.1; upgrading to TorchServe 0.8.2 mitigates the issue as the default behavior was changed to w...

10CVSS9.2AI score0.35256EPSS
In wildExploits6References4Affected Software1
Rows per page
Query Builder