5 matches found
PT-2026-42603
Summary Amazon SageMaker Python SDK is an open-source library for training and deploying machine learning models on Amazon SageMaker. An issue exists where, under certain circumstances, the ModelBuilder/Serve component stores an HMAC signing key in cleartext as a container environment variable,...
CVE-2026-8597
Missing integrity verification in the Triton inference handler in Amazon SageMaker Python SDK v2 before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to achieve code execution in inference containers via replacement of model artifacts in S3 with a specially crafted pickle...
GHSA-5R2P-PJR8-7FH7 SageMaker Python SDK replaced eval() with safe parser in JumpStart search functionality
Summary This advisory addresses the use of the searchhub function within the SageMaker Python SDK's JumpStart search functionality. An actor with the ability to control query parameters passed to the searchhub function could potentially provide malformed input that causes the eval function to...
CVE-2026-1778
Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed...
PT-2024-25683
Name of the Vulnerable Software and Affected Versions sagemaker-python-sdk versions prior to 2.218.0 Description The issue concerns potentially unsafe deserialization in the sagemaker.base deserializers.NumpyDeserializer module when untrusted data is passed as pickled object arrays. This may allo...