CVE-2018-1281

Name of the Vulnerable Software and Affected Versions Apache MXNet versions prior to 1.0.0

Description The issue allows attackers to access the MXNet instance on unexpected network interfaces. In clustered setups, users can specify the IP address and port for the scheduler using the DMLC PS ROOT URI and DMLC PS ROOT PORT environment variables. However, in versions older than 1.0.0, MXNet listens on 0.0.0.0 instead of the user-specified DMLC PS ROOT URI after initializing a scheduler node. This exposes the instance to potential attacks via unintended network interfaces.

Recommendations For Apache MXNet versions prior to 1.0.0, update to version 1.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the scheduler node to minimize the risk of exploitation.