Published: 28/09/2023 Updated: 31/10/2023

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 0

TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity of the system and sensitive data. This issue is present in versions 0.1.0 to 0.8.1. A user is able to load the model of their choice from any URL that they would like to use. The user of TorchServe is responsible for configuring both the allowed_urls and specifying the model URL to be used. A pull request to warn the user when the default value for allowed_urls is used has been merged in PR #2534. TorchServe release 0.8.2 includes this change. Users are advised to upgrade. There are no known workarounds for this issue.

Vulnerable Product	Search on Vulmon	Subscribe to Product
pytorch torchserve

The PyTorch model server contains multiple vulnerabilities that can be chained together to permit an unauthenticated remote attacker arbitrary Java code execution The first vulnerability is that the management interface is bound to all IP addresses and not just the loop back interface as the documentation suggests The second vulnerability (CVE-20 ...

The PyTorch model server contains multiple vulnerabilities that can be chained together to permit an unauthenticated remote attacker arbitrary Java code execution The first vulnerability is that the management interface is bound to all IP addresses and not just the loop back interface as the documentation suggests The seco ...

The PyTorch model server contains multiple vulnerabilities that can be chained together to permit an unauthenticated remote attacker arbitrary Java code execution. The first vulnerability is that the management interface is bound to all IP addresses and not just the loop back interface as the documentation suggests. The second vulnerability (CVE-2023-43654) allows attackers with access to the management interface to register MAR model files from arbitrary servers. The third vulnerability is that when an MAR file is loaded, it can contain a YAML configuration file that when deserialized by snakeyaml, can lead to loading an arbitrary Java class.

msf > use exploit/multi/http/torchserver_cve_2023_43654
msf exploit(torchserver_cve_2023_43654) > show targets
    ...targets...
msf exploit(torchserver_cve_2023_43654) > set TARGET < target-id >
msf exploit(torchserver_cve_2023_43654) > show options
    ...show and set options...
msf exploit(torchserver_cve_2023_43654) > exploit

A tool that checks if a TorchServe instance is vulnerable to CVE-2023-43654

ShellTorch Checker Tool This tool checks if a TorchServe instance is vulnerable to CVE-2023-43654 and provides possible ways for mitigation For more details please see our full report at wwwoligosecurity/blog/shelltorch-torchserve-ssrf-vulnerability-cve-2023-43654 To run the tool, execute the following command: bash <(curl rawgithubusercontentcom/Oli

Trio of TorchServe flaws means PyTorch users need an urgent upgrade

The Register

Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Meta, the project's maintainer, shrugs

A trio of now-patched security issues in TorchServe, an open-source tool for scaling PyTorch machine-learning models in production, could lead to server takeover and remote code execution (RCE), according to security researchers. The three CVEs, collectively dubbed "ShellTorch," rendered "tens of thousands of exposed instances" vulnerable, wrote software bill of material management firm Oligo Security's Idan Levcovich, Guy Kaplan, and Gal Elbaz in a report published on Tuesday. Meta, which along...

CVE-2023-43654

Vulnerability Summary

Vulnerability Trend

Exploits

Metasploit Modules

Github Repositories

Recent Articles

References

Vulmon Search

About

Products

Connect