Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2024-35198

Good to know:

icon

Date: July 18, 2024

TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. TorchServe 's check on allowed_urls configuration can be by-passed if the URL contains characters such as ".." but it does not prevent the model from being downloaded into the model store. Once a file is downloaded, it can be referenced without providing a URL the second time, which effectively bypasses the allowed_urls security check. Customers using PyTorch inference Deep Learning Containers (DLC) through Amazon SageMaker and EKS are not affected. This issue in TorchServe has been fixed by validating the URL without characters such as ".." before downloading see PR #3082. TorchServe release 0.11.0 includes the fix to address this vulnerability. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Language: Java

Severity Score

Related Resources (7)

https://github.com/pytorch/serve/commit/cdba0fd449c2fd23dcf37c54c0784035541d5114
https://github.com/pytorch/serve/releases/tag/v0.11.0
https://nvd.nist.gov/vuln/detail/CVE-2024-35198
https://github.com/pytorch/serve
https://github.com/pytorch/serve/security/advisories/GHSA-wxcx-gg9c-fwp2
https://github.com/pytorch/serve/pull/3082
https://www.mend.io/vulnerability-database/CVE-2024-35198

Severity Score

Weakness Type (CWE)

Path Traversal

CWE-22

Use of Incorrectly-Resolved Name or Reference

CWE-706

Top Fix

icon

Upgrade Version

Upgrade to version v0.11.0

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

Do you need more information?

Contact Us