PT-2023-5763 · Unknown · Torchserve

Published: 2023-08-22 · Updated: 2024-07-09 · CVE-2023-43654

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

TorchServe versions 0.1.0 through 0.8.1

Description

The issue is related to the default configuration of TorchServe, which lacks proper input validation. This enables third parties to invoke remote HTTP download requests and write files to the disk, potentially compromising the integrity of the system and sensitive data. The user of TorchServe is responsible for configuring both the allowed urls and specifying the model URL to be used. A pull request to warn the user when the default value for allowed urls is used has been merged. The issue could be taken advantage of to compromise the integrity of the system and sensitive data, and it may allow unauthorized access to AI models, enabling Remote Code Execution (RCE).

Recommendations

For versions 0.1.0 through 0.8.1, upgrade to TorchServe release 0.8.2, which includes the fix for this issue. Users can use the following new image tags to pull DLCs that ship with patched TorchServe version 0.8.2. As a temporary workaround, consider configuring the allowed urls to restrict access to specific URLs and specifying the model URL to be used. Restrict access to the allowed urls configuration to minimize the risk of exploitation. Avoid using the default value for allowed urls until the issue is resolved.
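
An added example, not part of the advisory or of the TorchServe project: a Python check that reads config.properties text and flags an unset or default allowed_urls, or a pattern that admits sources outside the intended allow-list. It assumes the TorchServe key name allowed_urls, its documented default of file://.*|http(s)?://.*, comma-separated patterns and whole-URL matching; the probe URLs and sample hosts are constructed.

```python
import re

# Default that TorchServe documents for allowed_urls when the key is unset.
DEFAULT_ALLOWED_URLS = r"file://.*|http(s)?://.*"
# Constructed probe URLs that a restrictive allow-list should reject.
PROBES = ("http://unlisted.example/m.mar", "https://unlisted.example/m.mar",
          "file:///tmp/m.mar")

def read_allowed_urls(config_text):
    """Return the allowed_urls value from config.properties text, or None."""
    value = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue  # blank line or properties comment
        key, sep, val = line.partition("=")
        if sep and key.strip() == "allowed_urls":
            value = val.strip()  # a later assignment overrides an earlier one
    return value

def audit_allowed_urls(config_text):
    """Return a list of findings; an empty list means nothing was flagged."""
    value = read_allowed_urls(config_text)
    if value is None:
        return ["allowed_urls is not set: the permissive default applies"]
    findings = []
    if value == DEFAULT_ALLOWED_URLS:
        findings.append("allowed_urls is set to the permissive default")
    for pattern in filter(None, (p.strip() for p in value.split(","))):
        try:
            compiled = re.compile(pattern)
        except re.error:
            findings.append(f"pattern {pattern!r} is not a valid regex")
            continue
        # Assumption: the server requires the whole URL to match the pattern.
        hits = [u for u in PROBES if compiled.fullmatch(u)]
        if hits:
            findings.append(f"pattern {pattern!r} admits {hits[0]}")
    return findings

if __name__ == "__main__":
    # Constructed config.properties content, not taken from the advisory.
    sample = ("inference_address=http://127.0.0.1:8080\n"
              "allowed_urls=https://models.example.internal/approved/.*\n")
    print(audit_allowed_urls(sample) or "no findings")
```

Python's re module stands in for the server's Java regex engine here, so treat a clean result as a first pass and confirm the patterns against the running server.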

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

BDU:2023-06445
CVE-2023-43654
GHSA-8FXR-QFR9-P34W

Affected Products

Torchserve