CVE-2024-35198 – torchserve
Package
Manager: pip
Name: torchserve
Vulnerable Version: >=0 <0.11.0
Severity
Level: Critical
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.0013 pctl0.33297
Details
TorchServe vulnerable to bypass of allowed_urls configuration

### Impact

TorchServe's check on the allowed_urls configuration can be bypassed if the URL contains character sequences such as "..", and the check does not prevent the model from being downloaded into the model store. Once a file is downloaded, it can be referenced by name without providing a URL the second time, which effectively bypasses the allowed_urls security check. Customers using PyTorch inference Deep Learning Containers (DLC) through Amazon SageMaker and EKS are not affected.

### Patches

This issue in TorchServe has been fixed by validating that the URL contains no sequences such as ".." before downloading: [#3082](https://github.com/pytorch/serve/pull/3082). TorchServe release 0.11.0 includes the fix to address this vulnerability.

### References

* [#3082](https://github.com/pytorch/serve/pull/3082)
* [TorchServe release v0.11.0](https://github.com/pytorch/serve/releases/tag/v0.11.0)

Thank you to Kroll Cyber Risk for responsibly disclosing this issue. If you have any questions or comments about this advisory, we ask that you contact AWS Security via our [vulnerability reporting page](https://aws.amazon.com/security/vulnerability-reporting) or directly via email to [aws-security@amazon.com](mailto:aws-security@amazon.com). Please do not create a public GitHub issue.
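The weak allow-list check beside a hardened one, as an added illustration that is not TorchServe's own code: the allow-list pattern, the `register` helper and the in-memory model store are constructed assumptions, and the hardened check also decodes percent-encoded path segments, which goes beyond the ".." case named in the advisory.

```python
import re
from urllib.parse import urlparse, unquote

# Constructed allow-list in the spirit of an allowed_urls setting (assumption, not TorchServe's format).
ALLOWED_URLS = [r"https://models\.example\.com/.*"]


def url_matches_allowlist(url: str, allowed=ALLOWED_URLS) -> bool:
    """Weak check: the raw URL only has to match one allow-list pattern.
    The trailing '.*' happily accepts a path such as '/../../x/evil.mar'."""
    return any(re.fullmatch(pattern, url) for pattern in allowed)


def has_dot_dot_segment(url: str) -> bool:
    """True if any path segment is '..' after percent-decoding, so an
    encoded '%2e%2e' does not slip past a plain substring test."""
    path = unquote(urlparse(url).path)
    return any(segment == ".." for segment in path.split("/"))


def hardened_url_check(url: str, allowed=ALLOWED_URLS) -> bool:
    """Reject traversal segments first, then apply the allow-list."""
    if has_dot_dot_segment(url):
        return False
    return url_matches_allowlist(url, allowed)


def register(model_ref: str, store: set, check) -> bool:
    """Simulated registration (hypothetical helper, not TorchServe's API).
    A bare file name is looked up in the store with no URL check at all,
    which is why a file admitted once by a weak check can be reused later."""
    if "://" not in model_ref:
        return model_ref in store
    if not check(model_ref):
        return False
    store.add(model_ref.rsplit("/", 1)[-1])  # "download" into the model store
    return True
```

With the weak check, the traversal URL is admitted and `evil.mar` can then be registered by name; with the hardened check, the download is refused, so there is nothing in the store to reference.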
Metadata
Created: 2024-07-18T22:03:30Z
Modified: 2024-08-07T16:01:12Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-wxcx-gg9c-fwp2/GHSA-wxcx-gg9c-fwp2.json
CWE IDs: ["CWE-22", "CWE-706"]
Alternative ID: GHSA-wxcx-gg9c-fwp2
Finding: F063
Auto approve: 1