WEB APPLICATION VULNERABILITIES Standard & Premium

TorchServe Management API publicly exposed

Description

TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production.

TorchServe Management API is designed to be accessed inside trusted environments. It's not recommended to have TorchServe Management API publicly accessible.

Remediation

It's recommended to restrict access to this service on production systems

References

ShellTorch: Multiple Critical Vulnerabilities in PyTorch Model Server (TorchServe)

Related Vulnerabilities

WordPress Plugin Advanced Contact form 7 DB Information Disclosure (1.1.0)

WordPress Plugin Cimy User Manager 'cimy_um_filename' Parameter Arbitrary File Disclosure (1.4.2)

VMware vCenter vcavbootstrap Arbitrary File Read

ASP.NET diagnostic page

WordPress Plugin PAYPAL CURRENCY CONVERTER BASIC FOR WOOCOMMERCE Arbitrary File Disclosure (1.3)

Severity

High

Classification

CVE-2023-43654 CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Configuration