AI PRP: Arbirary File Write & SSRF in pytorch/serve CVE-2023-43654 #516
Labels
Contributor queue
When a contributor has already one issue/PR in review, we put the following ones on hold with this.
Hi,
I want to implement a detection plugin for CVE-2023-43654
Software Detail: TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production.
Vulnerability Detail: TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity of the system and sensitive data. This issue is present in versions 0.1.0 to 0.8.1.
Remarks: Normally, I know that you are not interested in SSRF vulnerabilities, but this one allows attackers to download files to the filesystem too. Also, interestingly, NIST and Github Advisories set 9.8 CVSS (Critical) score for this vulnerability. I just opened this issue to recommend a detector for this vulnerability. If you want to enhance the detection capability with this one, we can further discuss the implementation details. I saw that in some cases, you were willing to make some exceptions for arbitrary file write vulnerabilities.
Ref: https://github.com/OligoCyberSecurity/ShellTorchChecker/tree/main
Ref: https://www.oligo.security/blog/shelltorch-torchserve-ssrf-vulnerability-cve-2023-43654
The text was updated successfully, but these errors were encountered: