CVE-2024-6577
published 2025-03-20

Priority: P432
Severity: medium, 6.3 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
EPSS: 0.36% (28.1th percentile)

In the latest version of pytorch/serve, the script 'upload_results_to_s3.sh' references the S3 bucket 'benchmarkai-metrics-prod' without ensuring its ownership or confirming its accessibility. This could lead to potential security vulnerabilities or unauthorized access to the bucket if it is not properly secured or claimed by the appropriate entity. The issue may result in data breaches, exposure of proprietary information, or unauthorized modifications to stored data.

Affected

2 ranges
Vendor    Product         Version range          Fixed in
pytorch   pytorch_serve   unspecified – latest
pytorch   torchserve      0 – 0.11.0