Lucene search
K

147 matches found

CVE
CVE
added 2025/03/20 10:11 a.m.58 views

CVE-2025-0508

CVE-2025-0508 affects the SageMaker Workflow component in aws/sagemaker-python-sdk, with MD5 hash collisions across all versions leading to potential workflow replacements and integrity issues in pipelines. The issue is documented across multiple feeds (including Red Hat, OSV, circl, and CVE list...

5.9CVSS5.8AI score0.00245EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/20 10:11 a.m.37 views

CVE-2025-0508 MD5 Hash Collision in SageMaker Workflow in aws/sagemaker-python-sdk

A vulnerability in the SageMaker Workflow component of aws/sagemaker-python-sdk allows for the possibility of MD5 hash collisions in all versions. This can lead to workflows being inadvertently replaced due to the reuse of results from different configurations that produce the same MD5 hash. This...

5.9CVSS0.00245EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.8 views

sagemaker-python-sdk 安全漏洞

sagemaker-python-sdk is an Amazon Web Services open source library for training and deploying machine learning models on Amazon SageMaker. A security vulnerability exists in sagemaker-python-sdk that stems from an MD5 hash collision in the SageMaker Workflow component that could result in workflo...

5.9CVSS5.7AI score0.00245EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 11:18 a.m.12 views

CVE-2024-34072

sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. The sagemaker.basedeserializers.NumpyDeserializer module before v2.218.0 allows potentially unsafe deserialization when untrusted data is passed as pickled object arrays. This consequently ma...

7.8CVSS7.7AI score0.00408EPSS
Exploits0References1
Huntr
Huntr
added 2024/11/22 8:56 a.m.7 views

MD5 Hash Collision in SageMaker Workflow

The possibility exists that MD5 collisions could occur in past cache configurations, potentially leading to workflows being inadvertently replaced. Impact In a SageMaker workflow, there is a potential risk associated with using MD5 hashes due to hash collisions. MD5 is vulnerable to collision...

5.9CVSS5.8AI score0.00245EPSS
Exploits0
NVD
NVD
added 2024/11/14 6:15 p.m.10 views

CVE-2024-4343

A Python command injection vulnerability exists in the SagemakerLLM class's complete method within ./privategpt/components/llm/custom/sagemaker.py of the imartinez/privategpt application, versions up to and including 0.3.0. The vulnerability arises due to the use of the eval function to parse a...

9.8CVSS0.0261EPSS
Exploits1References2
OSV
OSV
added 2024/11/14 5:32 p.m.6 views

CVE-2024-4343 Python Command Injection in imartinez/privategpt

A Python command injection vulnerability exists in the SagemakerLLM class's complete method within ./privategpt/components/llm/custom/sagemaker.py of the imartinez/privategpt application, versions up to and including 0.3.0. The vulnerability arises due to the use of the eval function to parse a...

9.8CVSS6.4AI score0.0261EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/11/14 5:32 p.m.7 views

CVE-2024-4343 Python Command Injection in imartinez/privategpt

A Python command injection vulnerability exists in the SagemakerLLM class's complete method within ./privategpt/components/llm/custom/sagemaker.py of the imartinez/privategpt application, versions up to and including 0.3.0. The vulnerability arises due to the use of the eval function to parse a...

9.8CVSS8.4AI score0.0261EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/11/14 5:32 p.m.21 views

CVE-2024-4343 Python Command Injection in imartinez/privategpt

A Python command injection vulnerability exists in the SagemakerLLM class's complete method within ./privategpt/components/llm/custom/sagemaker.py of the imartinez/privategpt application, versions up to and including 0.3.0. The vulnerability arises due to the use of the eval function to parse a...

9.8CVSS0.0261EPSS
Exploits1References2
CVE
CVE
added 2024/11/14 5:32 p.m.61 views

CVE-2024-4343

The CVE-2024-4343 entry describes a Python command injection in the imartinez/privategpt project. Affected component: SagemakerLLM.complete() in ./private_gpt/components/llm/custom/sagemaker.py, with versions up to and including 0.3.0. Root cause: unsafe parsing of a remote SageMaker LLM endpoint...

9.8CVSS9.8AI score0.0261EPSS
Exploits1References2Affected Software1
Veracode
Veracode
added 2024/09/12 6:17 a.m.6 views

Token Leakage

sagemakertrainin is vulnerable to Token Leakage. The vulnerability is due to the logging of CodeArtifact authorization tokens in log files, which, when pushed to CloudWatch Log streams, It can allow unauthorized access to CodeArtifact resources...

7AI score
Exploits0
OSV
OSV
added 2024/09/11 7:20 p.m.6 views

GHSA-635V-PC42-FR74 AWS SageMaker Training Toolkit logs CodeArtifact Authorization token

Description For SageMaker Training Toolkit1 versions 4.7.4; 4.7.3; 4.7.2; 4.7.1; 4.7.0, the authorization tokens for CodeArtifact temporary token with an expiration of 12 hours were logged in the log files when the CodeArtifact capability was enabled. If customers push these log files to their...

5.6CVSS6.7AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2024/09/11 7:20 p.m.8 views

AWS SageMaker Training Toolkit logs CodeArtifact Authorization token

Description For SageMaker Training Toolkit1 versions 4.7.4; 4.7.3; 4.7.2; 4.7.1; 4.7.0, the authorization tokens for CodeArtifact temporary token with an expiration of 12 hours were logged in the log files when the CodeArtifact capability was enabled. If customers push these log files to their...

6.7AI score
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/09/11 12:0 a.m.4 views

PT-2024-40110 · Amazon · Cloudwatch +2

Name of the Vulnerable Software and Affected Versions: SageMaker Training Toolkit versions 4.7.0 through 4.7.4 Description: The issue concerns the logging of authorization tokens for CodeArtifact in log files when the CodeArtifact capability is enabled. These tokens have an expiration of 12 hours...

5.6CVSS7AI score
Exploits0References4
Rapid7 Blog
Rapid7 Blog
added 2024/08/08 1:0 p.m.16 views

Illuminating the Shadows: Managing the Risks of Shadow AI in Modern Enterprises

Understanding the challenge of Shadow AI Shadow AI – a dramatic term for a new problem. With the rise of widely available consumer level AI services with easy-to-use chat interfaces, anyone from the summer intern to the CEO can easily use these shiny and new AI products. However, anyone who’s eve...

6.2AI score
Exploits0
Vulnrichment
Vulnrichment
added 2024/07/18 10:40 p.m.10 views

CVE-2024-35198 TorchServe bypass allowed_urls configuration

TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. TorchServe 's check on allowedurls configuration can be by-passed if the URL contains characters such as ".." but it does not prevent the model from being downloaded into the model store. Once a fi...

9.8CVSS6.8AI score0.00792EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/07/18 10:40 p.m.16 views

CVE-2024-35199 TorchServe gRPC Port Exposure

TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. In affected versions the two gRPC ports 7070 and 7071, are not bound to localhost by default, so when TorchServe is launched, these two interfaces are bound to all interfaces. Customers using PyTor...

8.2CVSS6.8AI score0.00631EPSS
Exploits0References3
CVE
CVE
added 2024/07/18 10:40 p.m.106 views

CVE-2024-35199

CVE-2024-35199 concerns TorchServe where two gRPC ports (7070, 7071) were bound to all interfaces by default, not localhost, potentially exposing the service. The issue affects TorchServe in affected versions; the root cause is incorrect binding configuration, enabling network exposure. The advis...

8.2CVSS4.7AI score0.00631EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/07/18 10:6 p.m.16 views

GHSA-HHPG-V63P-WP7W TorchServe gRPC Port Exposure

Impact The two gRPC ports 7070 and 7071, are not bound to localhost by default, so when TorchServe is launched, these two interfaces are bound to all interfaces. Customers using PyTorch inference Deep Learning Containers DLC through Amazon SageMaker and EKS are not affected. Patches This issue in...

8.8CVSS8.3AI score0.00631EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2024/07/18 10:6 p.m.26 views

TorchServe gRPC Port Exposure

Impact The two gRPC ports 7070 and 7071, are not bound to localhost by default, so when TorchServe is launched, these two interfaces are bound to all interfaces. Customers using PyTorch inference Deep Learning Containers DLC through Amazon SageMaker and EKS are not affected. Patches This issue in...

8.2CVSS6.8AI score0.00631EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder