Description

TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production.

TorchServe Management API is designed to be accessed inside trusted environments. It's not recommended to have TorchServe Management API publicly accessible.

Remediation

It's recommended to restrict access to this service on production systems

References

ShellTorch: Multiple Critical Vulnerabilities in PyTorch Model Server (TorchServe)

Related Vulnerabilities

WordPress Plugin Simple Download Monitor Multiple Vulnerabilities (3.2.8)

TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2005-4875)

WebLogic admin console weak credentials

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2044)

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Multiple Vulnerabilities (3.4.33)

Severity

High

Classification

CVE-2023-43654 CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Configuration