CVE-2024-6577
published 2025-03-20
Priority: P432, medium, 6.3 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
EPSS: 0.36% (28.1th percentile)
In the latest version of pytorch/serve, the script 'upload_results_to_s3.sh' references the S3 bucket 'benchmarkai-metrics-prod' without ensuring its ownership or confirming its accessibility. This could lead to potential security vulnerabilities or unauthorized access to the bucket if it is not properly secured or claimed by the appropriate entity. The issue may result in data breaches, exposure of proprietary information, or unauthorized modifications to stored data.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pytorch | pytorch_serve | unspecified – latest | — |
| pytorch | torchserve | 0 – 0.11.0 | — |
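A defensive check for the weakness described above, as an added example that is not code from pytorch/serve or from this advisory: it lists the S3 buckets a script hard-codes, flags those with no pinned owner account, and uses the AWS CLI's `--expected-bucket-owner` option for the live ownership check. The sample script contents, the pin-file format, `example-owned-bucket` and the account ID `111122223333` are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a script for hard-coded S3 buckets with no pinned owner.
# Pin file format (assumed here): "<bucket> <12-digit AWS account id>" per line.

# Print the unique literal bucket names that appear as s3://<bucket> in file $1.
list_s3_buckets() {
  grep -oE 's3://[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]' "$1" | sed 's#^s3://##' | sort -u
}

# Print the buckets referenced in script $1 that have no valid owner pin in file $2.
unpinned_buckets() {
  list_s3_buckets "$1" | while read -r ub_bucket; do
    awk -v b="$ub_bucket" \
      '$1 == b && length($2) == 12 && $2 !~ /[^0-9]/ { ok = 1 } END { exit !ok }' "$2" \
      || printf '%s\n' "$ub_bucket"
  done
}

# Live check (needs the AWS CLI and credentials): head-bucket fails unless the
# bucket exists, is reachable, and is owned by the pinned account.
verify_pinned_owners() {
  vp_rc=0
  while read -r vp_bucket vp_owner; do
    aws s3api head-bucket --bucket "$vp_bucket" \
      --expected-bucket-owner "$vp_owner" >/dev/null 2>&1 \
      || { echo "FAIL: $vp_bucket not owned by $vp_owner or not accessible" >&2; vp_rc=1; }
  done < "$1"
  return "$vp_rc"
}

# Offline demo on constructed input (not the real upload_results_to_s3.sh).
demo() {
  d=$(mktemp -d)
  cat > "$d/upload.sh" <<'EOF'
aws s3 cp results.csv s3://benchmarkai-metrics-prod/run1/
aws s3 cp results.csv s3://example-owned-bucket/run1/
aws s3 ls "s3://${BUCKET}/"
EOF
  echo 'example-owned-bucket 111122223333' > "$d/pins.txt"
  unpinned_buckets "$d/upload.sh" "$d/pins.txt"
  rm -rf "$d"
}
demo
```

Run `unpinned_buckets` in CI to block unpinned references, and `verify_pinned_owners` with real credentials before any upload step.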
GHSA
TorchServe script references S3 bucket without ensuring ownership or confirming accessibility
ghsa·2025-03-20
CVE-2024-6577 [MEDIUM] TorchServe script references S3 bucket without ensuring ownership or confirming accessibility
OSV
TorchServe script references S3 bucket without ensuring ownership or confirming accessibility
osv·2025-03-20
CVE-2024-6577 [MEDIUM] TorchServe script references S3 bucket without ensuring ownership or confirming accessibility
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-03-20
Published