Safety vulnerability ID: 72281
The information on this page was manually curated by our Cybersecurity Intelligence Team.
TorchServe's check on the allowed_urls configuration can be bypassed if the URL contains characters such as "..", but it does not prevent the model from being downloaded into the model store. Once a file is downloaded, it can be referenced a second time without providing a URL, which effectively bypasses the allowed_urls security check. Customers using PyTorch inference Deep Learning Containers (DLC) through Amazon SageMaker and EKS are unaffected.
Latest version: 0.12.0
TorchServe is a tool for serving neural net models for inference.
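The two weaknesses described above (a URL check that ".." gets past, and a stored file that can later be referenced by name alone) can be closed as in the following added example, which is not TorchServe's own code. The allow-list pattern, the host models.example.com and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed allow-list; host and pattern are assumptions for this example.
ALLOWED = [r"https://models\.example\.com/approved/.*"]

def naive_allowed(url, patterns=ALLOWED):
    """Weak form: match the raw string, so '..' after the prefix still passes."""
    return any(re.fullmatch(p, url) for p in patterns)

def strict_allowed(url, patterns=ALLOWED):
    """Reject dot segments, raw or percent-encoded, before pattern matching."""
    path = urlsplit(url).path
    # Decode until stable so nested encodings (%252e%252e) cannot hide '..'.
    while (decoded := unquote(path)) != path:
        path = decoded
    if any(seg in (".", "..") for seg in path.replace("\\", "/").split("/")):
        return False
    return naive_allowed(url, patterns)

def admit_url(url, vetted, patterns=ALLOWED):
    """Validate BEFORE downloading; record the stored file name only on success."""
    if not strict_allowed(url, patterns):
        raise ValueError("URL rejected by allow-list")
    name = urlsplit(url).path.rsplit("/", 1)[-1]
    if not name:
        raise ValueError("URL has no file name")
    vetted.add(name)  # the download itself would happen at this point
    return name

def may_register(ref, vetted, patterns=ALLOWED):
    """A bare file name is accepted only if it entered the store via admit_url."""
    if "://" in ref:
        return strict_allowed(ref, patterns)
    return ref in vetted
```

Tracking which file names were admitted through a validated URL is what stops a second, URL-less reference from inheriting trust the file never earned.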