Lucene search

Veracode Vulnerability DatabaseVERACODE:44329

HistoryNov 21, 2023 - 6:46 a.m.

Directory Traversal (ZipSlip)

2023-11-2106:46:41

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

torchserve

zipslip

directory traversal

ziputils.java

sensitive files

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

6.8 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

22.8%

JSON

torchserve is vulnerable to Directory Traversal. The vulnerability is due to a lack of zip file path validation in ZipUtils.java file. This can lead to unauthorized access to sensitive files and directories on the system.

CPENameOperatorVersion
torchservele0.8.2
torchservele0.8.2

CPE	Name	Operator	Version
	torchserve	le	0.8.2
	torchserve	le	0.8.2

References

github.com/advisories/GHSA-m2mj-pr4f-h9jp

github.com/pytorch/serve/commit/bfb3d42396727614aef625143b4381e64142f9bb

github.com/pytorch/serve/pull/2634

github.com/pytorch/serve/releases/tag/v0.9.0

github.com/pytorch/serve/security/advisories/GHSA-m2mj-pr4f-h9jp

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

6.8 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

22.8%

JSON

Related for VERACODE:44329