PyPi: Torchserve

CVE-2024-35199

Safety vulnerability ID: 72280

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jul 19, 2024 Updated at Nov 29, 2024

Scan your Python projects for vulnerabilities →

Advisory

In affected versions, the two gRPC ports 7070 and 7071, are not bound to localhost by default, so when TorchServe is launched, these two interfaces are bound to all interfaces. Customers using PyTorch inference Deep Learning Containers (DLC) through Amazon SageMaker and EKS are unaffected.

Affected package

torchserve

Latest version: 0.12.0

TorchServe is a tool for serving neural net models for inference

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

https://github.com/advisories/GHSA-hhpg-v63p-wp7w
https://github.com/pytorch/serve/commit/aab99506a17193de217aacc1119d9381dbc6ed2b
https://github.com/pytorch/serve/pull/3083
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35199

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application