CVE-2024-35198
published 2024-07-19CVE-2024-35198: TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. TorchServe 's check on allowed_urls configuration can be…
PriorityP355critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.79%
51.7th percentile
TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. TorchServe 's check on allowed_urls configuration can be by-passed if the URL contains characters such as ".." but it does not prevent the model from being downloaded into the model store. Once a file is downloaded, it can be referenced without providing a URL the second time, which effectively bypasses the allowed_urls security check. Customers using PyTorch inference Deep Learning Containers (DLC) through Amazon SageMaker and EKS are not affected. This issue in TorchServe has been fixed by validating the URL without characters such as ".." before downloading see PR #3082. TorchServe release 0.11.0 includes the fix to address this vulnerability. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pytorch | serve | — | — |
| pytorch | torchserve | >= 0 < 0.11.0 | 0.11.0 |
| pytorch | torchserve | >= 0.4.2 < 0.11.0 | 0.11.0 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
CVE-2024-35198: TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production
osv·2024-07-19·CVSS 9.8
CVE-2024-35198 [CRITICAL] CVE-2024-35198: TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production
TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. TorchServe 's check on allowed_urls configuration can be by-passed if the URL contains characters such as ".." but it does not prevent the model from being downloaded into the model store. Once a file is downloaded, it can be referenced without providing a URL the second time, which effectively bypasses the allowed_urls security check. Customers using PyTorch inference Deep Learning Containers (DLC) through Amazon SageMaker and EKS are not affected. This issue in TorchServe has been fixed by validating the URL without characters such as ".." before downloading see PR #3082. TorchServe release 0.11.0 includes the fix to address this vulnerability. Users are advised to upgrade. There are no kn
OSV
TorchServe vulnerable to bypass of allowed_urls configuration
osv·2024-07-18
CVE-2024-35198 [CRITICAL] TorchServe vulnerable to bypass of allowed_urls configuration
TorchServe vulnerable to bypass of allowed_urls configuration
### Impact
TorchServe's check on allowed_urls configuration can be by-passed if the URL contains characters such as ".." but it does not prevent the model from being downloaded into the model store. Once a file is downloaded, it can be referenced without providing a URL the second time, which effectively bypasses the allowed_urls security check. Customers using PyTorch inference Deep Learning Containers (DLC) through Amazon SageMaker and EKS are not affected.
### Patches
This issue in TorchServe has been fixed by validating the URL without characters such as ".." before downloading: [#3082](https://github.com/pytorch/serve/pull/3082).
TorchServe release 0.11.0 includes the fix to address this vulnerability.
### References
*
GHSA
TorchServe vulnerable to bypass of allowed_urls configuration
ghsa·2024-07-18
CVE-2024-35198 [CRITICAL] CWE-22 TorchServe vulnerable to bypass of allowed_urls configuration
TorchServe vulnerable to bypass of allowed_urls configuration
### Impact
TorchServe's check on allowed_urls configuration can be by-passed if the URL contains characters such as ".." but it does not prevent the model from being downloaded into the model store. Once a file is downloaded, it can be referenced without providing a URL the second time, which effectively bypasses the allowed_urls security check. Customers using PyTorch inference Deep Learning Containers (DLC) through Amazon SageMaker and EKS are not affected.
### Patches
This issue in TorchServe has been fixed by validating the URL without characters such as ".." before downloading: [#3082](https://github.com/pytorch/serve/pull/3082).
TorchServe release 0.11.0 includes the fix to address this vulnerability.
### References
*
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/pytorch/serve/pull/3082https://github.com/pytorch/serve/releases/tag/v0.11.0https://github.com/pytorch/serve/security/advisories/GHSA-wxcx-gg9c-fwp2https://github.com/pytorch/serve/pull/3082https://github.com/pytorch/serve/releases/tag/v0.11.0https://github.com/pytorch/serve/security/advisories/GHSA-wxcx-gg9c-fwp2
2024-07-19
Published