CVE-2024-35198: TorchServe vulnerable to bypass of allowed_urls configuration
TorchServe's check on the allowed_urls configuration can be bypassed if the URL contains characters such as "..", because the check does not prevent the model from being downloaded into the model store. Once the file has been downloaded, it can be referenced by name without providing a URL a second time, which effectively bypasses the allowed_urls security check. Customers using PyTorch inference Deep Learning Containers (DLC) through Amazon SageMaker and EKS are not affected.
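As an added illustration (not TorchServe's own code, and not the fix in the referenced commit), a simplified Python model of the two registration flows the advisory describes: a vulnerable one that writes the archive before checking the allow-list and trusts any name already in the store, beside a hardened one that validates first, rejects traversal segments, confines the destination to the store and only serves local names that passed validation. The allow-list pattern, store path and URLs are constructed.

```python
import os
import re
from urllib.parse import unquote, urlparse

# Constructed allow-list in the spirit of an allowed_urls setting: regexes the
# model URL must fully match. Hypothetical value, not a TorchServe default.
ALLOWED_URLS = [r"https://models\.example\.com/[\w./-]+\.mar"]


class ModelStore:
    """Minimal stand-in for a model store directory (no real I/O)."""

    def __init__(self, root="/opt/model-store"):   # constructed path
        self.root = os.path.realpath(root)
        self.downloaded = {}    # archive name -> source URL
        self.validated = set()  # names whose URL passed the allow-list


def is_url(ref):
    return urlparse(ref).scheme in ("http", "https")


def archive_name(url):
    return unquote(urlparse(url).path).rsplit("/", 1)[-1]


def register_vulnerable(store, ref):
    """Flawed sequence: download first, check afterwards, and accept any
    name already present in the store without applying the policy."""
    if not is_url(ref):
        return ref in store.downloaded          # local names skip the check
    store.downloaded[archive_name(ref)] = ref   # written before the check
    return any(re.fullmatch(p, ref) for p in ALLOWED_URLS)


def register_hardened(store, ref):
    """Validate before any write; local names are served only if their
    download was validated under the same policy."""
    if not is_url(ref):
        return ref in store.validated
    path = unquote(urlparse(ref).path)
    if ".." in path.split("/"):                 # traversal segment in URL
        return False
    if not any(re.fullmatch(p, ref) for p in ALLOWED_URLS):
        return False
    name = archive_name(ref)
    dest = os.path.realpath(os.path.join(store.root, name))
    if os.path.dirname(dest) != store.root:     # must land inside the store
        return False
    store.downloaded[name] = ref
    store.validated.add(name)
    return True
```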
References
- github.com/advisories/GHSA-wxcx-gg9c-fwp2
- github.com/pytorch/serve
- github.com/pytorch/serve/commit/cdba0fd449c2fd23dcf37c54c0784035541d5114
- github.com/pytorch/serve/pull/3082
- github.com/pytorch/serve/releases/tag/v0.11.0
- github.com/pytorch/serve/security/advisories/GHSA-wxcx-gg9c-fwp2
- nvd.nist.gov/vuln/detail/CVE-2024-35198