Home > Vulnerability Database > CVE-2024-35199

Mend.io Vulnerability Database

CVE-2024-35199

Good to know:

Date: July 18, 2024

TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. In affected versions the two gRPC ports 7070 and 7071, are not bound to [localhost](http://localhost/) by default, so when TorchServe is launched, these two interfaces are bound to all interfaces. Customers using PyTorch inference Deep Learning Containers (DLC) through Amazon SageMaker and EKS are not affected. This issue in TorchServe has been fixed in PR #3083. TorchServe release 0.11.0 includes the fix to address this vulnerability. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Language: Python

Severity Score

8.2

Related Resources (7)

Url: https://github.com/pytorch/serve/commit/aab99506a17193de217aacc1119d9381dbc6ed2b

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-35199

Url: https://github.com/pytorch/serve/releases/tag/v0.11.0

Url: https://github.com/pytorch/serve

Url: https://github.com/pytorch/serve/pull/3083

Url: https://github.com/pytorch/serve/security/advisories/GHSA-hhpg-v63p-wp7w

Url: https://www.mend.io/vulnerability-database/CVE-2024-35199

Severity Score

8.2

Weakness Type (CWE)

Exposure of Resource to Wrong Sphere

CWE-668

Improper Restriction of Software Interfaces to Hardware Features

CWE-1256

Top Fix

Upgrade Version

Upgrade to version https://github.com/pytorch/serve/releases/tag/v0.11.0

Learn More

CVSS v3.1

Base Score:	8.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-35199

Good to know:

Date: July 18, 2024

Language: Python

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?