Get a demo
AppSec with Zero Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo

TorchServe Management API SSRF (CVE-2023-43654)

Severity: Critical
Summary#

PRODUCT} identified the TorchServe Management API SSRF (CVE-2023-43654) in the target web server. TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. In the default configuration, TorchServe is vulnerable to an SSRF vulnerability. An attacker could exploit this vulnerability to compromise the server.

Impact#

This vulnerability allows unauthenticated attackers to compromise the server.

Remediation#

Set secure values for the allowed_urls option and the model URL in the TorchServe.

Classifications#
, , ,

Select Category

OR

Search Vulnerability

Related Vulnerabilities

Related Articles

Build your resistance to threats. And save hundreds of hours each month.

Get a demo See how it works