5 matches found
Use of a Broken or Risky Cryptographic Algorithm
Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm when storing encrypted data keys in an instruction file. An attacker with write access to the S3 bucket can manipulate encrypted data keys to cause decryption to unintended plaintext by...
CVE-2025-0782
...
GHSA-XX7C-J7H3-VJCQ TorchServe script references S3 bucket without ensuring ownership or confirming accessibility
In the latest version of pytorch/serve, the script 'uploadresultstos3.sh' references the S3 bucket 'benchmarkai-metrics-prod' without ensuring its ownership or confirming its accessibility. This could lead to potential security vulnerabilities or unauthorized access to the bucket if it is not...
CVE-2024-6577
CVE-2024-6577 affects pytorch/serve. The script upload_results_to_s3.sh references the S3 bucket benchmarkai-metrics-prod without verifying ownership or accessibility, potentially enabling data exposure or unauthorized modifications if the bucket is not properly secured. No explicit remediation o...
CVE-2024-6583 Path Traversal in stangirard/quivr
A path traversal vulnerability exists in the latest version of stangirard/quivr. This vulnerability allows an attacker to upload files to arbitrary paths in an S3 bucket by manipulating the file path in the upload request...