CVE-2024-35198 Information
Description
TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. TorchServe's check on the allowed_urls configuration can be bypassed if the URL contains characters such as ..\ and, in that case, it does not prevent the model from being downloaded into the model store. Once a file is downloaded it can be referenced a second time without providing a URL, which effectively bypasses the allowed_urls security check. Customers using PyTorch inference Deep Learning Containers (DLC) through Amazon SageMaker and EKS are not affected. This issue in TorchServe has been fixed by validating that the URL contains no characters such as ..\ before downloading; see PR #3082. TorchServe release 0.11.0 includes the fix to address this vulnerability. Users are advised to upgrade. There are no known workarounds for this vulnerability.
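The defensive pattern described above, as an added example that is not TorchServe's own code or the content of PR #3082: reject traversal sequences and check the allowlist before anything is written to the model store, so a rejected URL can never be re-registered later by bare filename. The regex allowlist, the .mar suffix and the store path are assumptions for the example.

```python
import os
import re
from urllib.parse import unquote, urlparse

# Constructed settings (hypothetical; TorchServe reads allowed_urls from its own config).
ALLOWED_URL_PATTERNS = [r"https://models\.example\.com/.*"]
MODEL_STORE = "/var/model_store"

# Anything that could step out of the model store once the URL becomes a filename.
TRAVERSAL = re.compile(r"\.\.|\\")


def validate_model_url(url, patterns=ALLOWED_URL_PATTERNS, model_store=MODEL_STORE):
    """Return the path a model archive may be saved to, or raise ValueError.

    Every check runs *before* any download, so a rejected URL never lands in
    the model store where it could later be referenced without a URL.
    """
    decoded = unquote(url)  # check the decoded form so %2e%2e cannot hide '..'
    if TRAVERSAL.search(decoded):
        raise ValueError(f"traversal characters in URL: {url!r}")
    if not any(re.fullmatch(p, decoded) for p in patterns):
        raise ValueError(f"URL not in allowed_urls: {url!r}")
    name = os.path.basename(urlparse(decoded).path)
    if not name.endswith(".mar"):
        raise ValueError(f"not a model archive name: {name!r}")
    # Defence in depth: the final path must sit directly inside the store.
    dest = os.path.normpath(os.path.join(model_store, name))
    if os.path.dirname(dest) != os.path.normpath(model_store):
        raise ValueError(f"destination escapes model store: {dest!r}")
    return dest


def is_allowed(url, **kwargs):
    """Boolean form of validate_model_url for callers that only need a verdict."""
    try:
        validate_model_url(url, **kwargs)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample URLs: one legitimate, three that must be rejected up front.
    for u in ["https://models.example.com/resnet.mar",
              "https://models.example.com/..\\evil.mar",
              "https://models.example.com/%2e%2e/evil.mar",
              "https://evil.example.net/x.mar"]:
        print(u, "->", "allowed" if is_allowed(u) else "rejected")
```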
Reference
https://github.com/pytorch/serve/security/advisories/GHSA-wxcx-gg9c-fwp2
https://github.com/pytorch/serve/pull/3082
https://github.com/pytorch/serve/releases/tag/v0.11.0