2 matches found
PT-2026-37263
Name of the Vulnerable Software and Affected Versions pyLoad versions prior to 0.5.0b3.dev100 Description Insufficient sanitization of package folder names allows writing files outside the intended download directory. The issue exists in the add package function within the src/pyload/core/api/ in...
PT-2024-26375
Name of the Vulnerable Software and Affected Versions TorchServe versions prior to 0.11.0 Description The issue concerns TorchServe's check on allowed urls configuration, which can be bypassed if the URL contains characters such as "..". This allows a model to be downloaded into the model store,...