5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
6.8 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
22.8%
torchserve is vulnerable to Directory Traversal. The vulnerability is due to a lack of zip file path validation in ZipUtils.java
file. This can lead to unauthorized access to sensitive files and directories on the system.
CPE | Name | Operator | Version |
---|---|---|---|
torchserve | le | 0.8.2 | |
torchserve | le | 0.8.2 |
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
6.8 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
22.8%