CVE-2024-35198
TorchServe vulnerable to bypass of allowed_urls configuration
Description
### Impact

TorchServe's check on the `allowed_urls` configuration can be bypassed if the URL contains characters such as "..", but it does not prevent the model from being downloaded into the model store. Once a file is downloaded, it can be referenced without providing a URL the second time, which effectively bypasses the `allowed_urls` security check. Customers using PyTorch inference Deep Learning Containers (DLC) through Amazon SageMaker and EKS are not affected.

### Patches

This issue in TorchServe has been fixed by validating the URL without characters such as ".." before downloading: [#3082](https://github.com/pytorch/serve/pull/3082). TorchServe release 0.11.0 includes the fix to address this vulnerability.

### References

* [#3082](https://github.com/pytorch/serve/pull/3082)
* [TorchServe release v0.11.0](https://github.com/pytorch/serve/releases/tag/v0.11.0)

Thanks to Kroll Cyber Risk for responsibly disclosing this issue.

If you have any questions or comments about this advisory, we ask that you contact AWS Security via our [vulnerability reporting page](https://aws.amazon.com/security/vulnerability-reporting) or directly via email to [[email protected]](mailto:[email protected]). Please do not create a public GitHub issue.
How to fix CVE-2024-35198
To remediate CVE-2024-35198, upgrade the affected package to a fixed version below.
- Upgrade to 0.11.0 or later
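Where model URLs are also validated outside TorchServe, the class of bug described above can be reproduced and closed as follows: a pattern-only allow-list check accepts a URL containing a ".." segment, and rejecting dot segments (plain or percent-encoded) before the pattern match removes that gap. This is an added example, not TorchServe's code or the patch in #3082; it assumes the allow-list is a list of regular expressions, and the host `models.example.com`, the pattern and all function names are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed allow-list: one regex per trusted location (hypothetical host).
ALLOWED_URLS = [r"https://models\.example\.com/approved/.*"]

# Constructed sample inputs.
GOOD = "https://models.example.com/approved/resnet-18.mar"
TRAVERSAL = "https://models.example.com/approved/../staging/model.mar"
ENCODED = "https://models.example.com/approved/%252e%252e/staging/model.mar"


def matches_allow_list(url, patterns=ALLOWED_URLS):
    """Pattern match only, with no normalisation of the URL (the weak check)."""
    return any(re.fullmatch(p, url) for p in patterns)


def has_dot_segment(url):
    """True if any path segment is '.' or '..', also when percent-encoded."""
    path = urlsplit(url).path
    # Decode until stable so double-encoded input (%252e%252e) is caught too.
    while (decoded := unquote(path)) != path:
        path = decoded
    # Treat backslashes as separators as well, since some clients do.
    return any(seg in (".", "..") for seg in re.split(r"[/\\]", path))


def is_url_allowed(url, patterns=ALLOWED_URLS):
    """Hardened check: refuse dot segments first, then apply the allow-list."""
    if has_dot_segment(url):
        return False
    return matches_allow_list(url, patterns)


if __name__ == "__main__":
    for u in (GOOD, TRAVERSAL, ENCODED):
        print(f"{u}\n  pattern-only={matches_allow_list(u)} "
              f"hardened={is_url_allowed(u)}")
```

Running the check only at registration time is not sufficient on its own if files fetched earlier remain in the model store, since the advisory notes that a downloaded file can later be referenced without a URL.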
Is CVE-2024-35198 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 0.11.0