Lucene search
+L
PytorchTorchserve

4 matches found

CVE
CVE
added 2023/09/28 10:10 p.m.142 views

CVE-2023-43654

CVE-2023-43654 affects PyTorch TorchServe: default configuration allows input validation bypass, enabling SSRF via remote HTTP downloads and writing files to disk. Affected versions are 0.1.0 through 0.8.1; upgrading to TorchServe 0.8.2 mitigates the issue as the default behavior was changed to w...

10CVSS9.2AI score0.35256EPSS
In wild
CVE
CVE
added 2024/07/18 10:40 p.m.109 views

CVE-2024-35199

CVE-2024-35199 concerns TorchServe where two gRPC ports (7070, 7071) were bound to all interfaces by default, not localhost, potentially exposing the service. The issue affects TorchServe in affected versions; the root cause is incorrect binding configuration, enabling network exposure. The advis...

8.2CVSS4.7AI score0.00631EPSS
CVE
CVE
added 2023/11/21 8:55 p.m.105 views

CVE-2023-48299

CVE-2023-48299 (TorchServe ZipSlip) affects TorchServe versions 0.1.0 through 0.9.0 via the model/workflow management API, where uploading archives could cause files to be extracted to any location within process permissions. The underlying issue is unvalidated ZIP file paths, enabling potential ...

5.3CVSS5.3AI score0.00673EPSS
CVE
CVE
added 2024/07/18 10:40 p.m.63 views

CVE-2024-35198

TorchServe contains a path-traversal style bypass in allowed_urls checking: URLs containing ".." can appear to pass validation, allowing a file to be downloaded into the model store and later referenced without a URL, effectively bypassing the security check. Affected component: TorchServeroot ca...

9.8CVSS5.6AI score0.00792EPSS