5 matches found
EUVD-2021-0165
Malware in sbrugna...
Warning: PyTorch Models Vulnerable to Remote Code Execution via ShellTorch
Cybersecurity researchers have disclosed multiple critical security flaws in the TorchServe tool for serving and scaling PyTorch models that could be chained to achieve remote code execution on affected systems. Israel-based runtime application security company Oligo, which made the discovery, ha...
Deserialization of untrusted data
parlai is a framework for training and evaluating AI models on a variety of openly available dialogue datasets. In affected versions the package is vulnerable to a YAML deserialization attack caused by unsafe loading, which leads to arbitrary code execution. This security bug is patched by avoiding...
Code Injection in nosarthur/gita
✍️ Description gita helps to manage multiple git repos with sanity. Vulnerability description Vulnerable to YAML deserialization attack caused by unsafe loading. 🕵️ Proof of Concept vulnerable part of code yaml.load in getcmdsfromfiles...
Code Injection in archivy/archivy
Description Archivy is a self-hosted knowledge repository that allows you to safely preserve useful content that contributes to your knowledge bank. Vulnerability description Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept Run exploit.py python import os...