60 matches found
PyTorch TorchServe SSRF
TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity...
Exploit for Server-Side Request Forgery in Pytorch Torchserve
PoC – Abuso de Configuraciones Predeterminadas en Vertex AI...
CVE-2023-43654
TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity...
VulnCheck KEV: CVE-2023-43654
TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity...
EUVD-2024-2363
Malicious code in bioql PyPI...
EUVD-2024-2442
Malicious code in bioql PyPI...
EUVD-2023-2995
Malicious code in bioql PyPI...
eisen (=0.1.9), eisen-deploy (>=0.0.1 <=0.0.2) potentially affected by CVE-2024-6577 via torchserve (=0.0.1b20200409)
torchserve PYPI version =0.0.1b20200409 is affected by a known vulnerability. The following packages have a transitive dependency on torchserve and may be impacted: - eisen =0.1.9 - eisen-deploy =0.0.1, =0.0.2 Source cves: CVE-2024-6577 Source advisory: OSV:GHSA-XX7C-J7H3-VJCQ...
GHSA-XX7C-J7H3-VJCQ TorchServe script references S3 bucket without ensuring ownership or confirming accessibility
In the latest version of pytorch/serve, the script 'uploadresultstos3.sh' references the S3 bucket 'benchmarkai-metrics-prod' without ensuring its ownership or confirming its accessibility. This could lead to potential security vulnerabilities or unauthorized access to the bucket if it is not...
CVE-2024-35199
TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. In affected versions the two gRPC ports 7070 and 7071, are not bound to localhost by default, so when TorchServe is launched, these two interfaces are bound to all interfaces. Customers using PyTor...
CVE-2024-35198
TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. TorchServe 's check on allowedurls configuration can be by-passed if the URL contains characters such as ".." but it does not prevent the model from being downloaded into the model store. Once a fi...
Path Traversal
TorchServe is vulnerable to Path Traversal. The vulnerability is due to inadequate validation of URLs in the allowedurls configuration, which bypasses the security checks by including characters such as "..", resulting in the model from being downloaded into the model store...
Exposure Of Resource To Wrong Sphere
torchserve, is vulnerable to Exposure of Resource to Wrong Sphere. The vulnerability is due to the gRPC ports 7070 and 7071 being bound to all interfaces by default when TorchServe is launched. This could allow attackers to access these ports on an adjacent network, potentially leading to...
CVE-2024-35199
TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. In affected versions the two gRPC ports 7070 and 7071, are not bound to localhost by default, so when TorchServe is launched, these two interfaces are bound to all interfaces. Customers using PyTor...
CVE-2024-35198
TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. TorchServe 's check on allowedurls configuration can be by-passed if the URL contains characters such as ".." but it does not prevent the model from being downloaded into the model store. Once a fi...
UBUNTU-CVE-2024-35198
TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. TorchServe 's check on allowedurls configuration can be by-passed if the URL contains characters such as ".." but it does not prevent the model from being downloaded into the model store. Once a fi...
CVE-2024-35198
TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. TorchServe 's check on allowedurls configuration can be by-passed if the URL contains characters such as ".." but it does not prevent the model from being downloaded into the model store. Once a fi...
CVE-2024-35198
TorchServe contains a path-traversal style bypass in allowed_urls checking: URLs containing ".." can appear to pass validation, allowing a file to be downloaded into the model store and later referenced without a URL, effectively bypassing the security check. Affected component: TorchServeroot ca...
CVE-2024-35198 TorchServe bypass allowed_urls configuration
TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. TorchServe 's check on allowedurls configuration can be by-passed if the URL contains characters such as ".." but it does not prevent the model from being downloaded into the model store. Once a fi...
CVE-2024-35198 TorchServe bypass allowed_urls configuration
TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. TorchServe 's check on allowedurls configuration can be by-passed if the URL contains characters such as ".." but it does not prevent the model from being downloaded into the model store. Once a fi...