logo

Database

Improper authorization control for web services In torchserve

Description

TorchServe script references S3 bucket without ensuring ownership or confirming accessibility In the latest version of pytorch/serve, the script 'upload_results_to_s3.sh' references the S3 bucket 'benchmarkai-metrics-prod' without ensuring its ownership or confirming its accessibility. This could lead to potential security vulnerabilities or unauthorized access to the bucket if it is not properly secured or claimed by the appropriate entity. The issue may result in data breaches, exposure of proprietary information, or unauthorized modifications to stored data.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2024-65772. NVD-2024-65773. OSV-2024-65774. GCVE-2024-6577

References

1. https://huntr.com/bounties/20917570-8328-428f-bd1d-4fcd71fb2359

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.

FLAT-GLP98 – Vulnerability | Fluid Attacks Database