TorchServe Management API publicly exposed - Vulnerability Database

TorchServe Management API publicly exposed

Description

TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production.

TorchServe Management API is designed to be accessed inside trusted environments. It's not recommended to have TorchServe Management API publicly accessible.

Remediation

It's recommended to restrict access to this service on production systems

References

ShellTorch: Multiple Critical Vulnerabilities in PyTorch Model Server (TorchServe)

Related Vulnerabilities

Severity

High

Classification

CVE-2023-43654

CWE-200

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N