torchserve
PyPI5 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting torchservepage 1 of 1
- CVE-2023-43654CRITICALCVSS 10.0EG 10.0✓ Fixed in 0.8.22023-09-28
vulnerable: 0.1.1 ... 0.8.1 (18 versions)
TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This iss…
- CVE-2023-48299MEDIUMCVSS 5.3EG 5.3✓ Fixed in 0.9.02023-11-21
vulnerable: 0.1.1 ... 0.8.2 (19 versions)
TorchServe is a tool for serving and scaling PyTorch models in production. Starting in version 0.1.0 and prior to version 0.9.0, using the model/workflow management API, there is a chance of uploading potentially harmful archives that cont…
- CVE-2024-35198CRITICALCVSS 9.8EG 9.8✓ Fixed in 0.11.02024-07-19
vulnerable: 0.0.1b20200409 ... 0.9.0 (22 versions)
TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. TorchServe 's check on allowed_urls configuration can be by-passed if the URL contains characters such as ".." but it does not prevent the …
- CVE-2024-35199HIGHCVSS 8.2EG 8.2✓ Fixed in 0.11.02024-07-19
vulnerable: 0.10.0 ... 0.9.0 (18 versions)
TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. In affected versions the two gRPC ports 7070 and 7071, are not bound to [localhost](http://localhost/) by default, so when TorchServe is la…
- CVE-2024-6577MEDIUMCVSS 6.3EG 6.32025-03-20
vulnerable: 0.0.1b20200409 ... 0.9.0 (23 versions)
In the latest version of pytorch/serve, the script 'upload_results_to_s3.sh' references the S3 bucket 'benchmarkai-metrics-prod' without ensuring its ownership or confirming its accessibility. This could lead to potential security vulnerab…
Check whether torchserve is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for torchserve CVEs against the assets you own.
Start Free Scan →