CVE-2024-6577 Information

Description

In the latest version of pytorch/serve the script ‘upload_results_to_s3.sh’ references the S3 bucket ‘benchmarkai-metrics-prod’ without ensuring its ownership or confirming its accessibility. This could lead to potential security vulnerabilities or unauthorized access to the bucket if it is not properly secured or claimed by the appropriate entity. The issue may result in data breaches exposure of proprietary information or unauthorized modifications to stored data.

Reference

https://huntr.com/bounties/20917570-8328-428f-bd1d-4fcd71fb2359