2 matches found
PYSEC-2026-553 TorchServe Server-Side Request Forgery vulnerability
Impact Remote Server-Side Request Forgery SSRF Issue: TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity of the system and...
PT-2026-29269
Name of the Vulnerable Software and Affected Versions mlflow/mlflow affected versions not specified Description A command injection issue exists in mlflow/mlflow when serving a model with enable mlserver=True. The model uri is directly incorporated into a shell command executed using bash -c...