Amazon · Sagemaker-Python-Sdk · CVE-2026-8597
**Name of the Vulnerable Software and Affected Versions**
Amazon SageMaker Python SDK versions prior to 2.257.2
Amazon SageMaker Python SDK versions prior to 3.8.0
**Description**
Missing integrity verification in the Triton inference handler allows a remote authenticated actor with S3 write access to the model artifact path to achieve code execution in inference containers. This is possible by replacing model artifacts in S3 with a specially crafted pickle payload that is deserialized without verification. Pickle is a Python module used for serializing and deserializing objects.
**Recommendations**
Upgrade to version 2.257.2 and rebuild any Triton models previously created with ModelBuilder using the updated SDK.
Upgrade to version 3.8.0 and rebuild any Triton models previously created with ModelBuilder using the updated SDK.
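As an added illustration, not code from the SageMaker Python SDK, the loader below shows the two controls whose absence the description above concerns: an artifact digest pinned outside the writable S3 path is verified before anything is deserialized, and unpickling is restricted to an allowlist of classes so a replaced artifact cannot drive code execution. The function names, the sample model, the allowlist and where the digest is stored are assumptions of this example.

```python
import collections
import hashlib
import hmac
import io
import pickle

# Assumption: the pinned digest lives where the S3 path's writer cannot change it
# (endpoint config or the container image); a digest stored beside the artifact protects nothing.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}  # globals a genuine artifact may reference

class RestrictedUnpickler(pickle.Unpickler):
    """Resolve only allowlisted globals, so a crafted artifact cannot make the loader
    import and call arbitrary code."""
    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")

def load_model_artifact(blob: bytes, pinned_sha256: str):
    """Check the artifact against the pinned digest, then unpickle it restrictively."""
    actual = hashlib.sha256(blob).hexdigest()
    if not hmac.compare_digest(actual, pinned_sha256):
        raise ValueError("artifact digest mismatch: refusing to deserialize")
    return RestrictedUnpickler(io.BytesIO(blob)).load()

def try_load(blob: bytes, pinned_sha256: str):
    """Fail closed: return ('ok', obj) or ('rejected', reason) for the caller to log."""
    try:
        return "ok", load_model_artifact(blob, pinned_sha256)
    except (ValueError, pickle.UnpicklingError) as exc:
        return "rejected", str(exc)

# Constructed sample artifacts (not real model files).
MODEL = {"weights": [0.1, 0.2], "labels": ["cat", "dog"]}
ARTIFACT = pickle.dumps(MODEL, protocol=4)
PINNED_SHA256 = hashlib.sha256(ARTIFACT).hexdigest()  # recorded at build time
# The same artifact with one byte flipped: any replacement fails the digest check.
TAMPERED = ARTIFACT[:-1] + bytes([ARTIFACT[-1] ^ 0x01])
# References a class outside the allowlist and carries a matching digest, so
# integrity passes but the restricted unpickler still refuses it.
DISALLOWED = pickle.dumps(collections.Counter({"a": 1}), protocol=4)
DISALLOWED_SHA256 = hashlib.sha256(DISALLOWED).hexdigest()

def demo():
    """Run all three cases; only the genuine artifact loads."""
    return {label: try_load(blob, digest)[0] for label, blob, digest in [
        ("genuine", ARTIFACT, PINNED_SHA256), ("tampered", TAMPERED, PINNED_SHA256),
        ("disallowed", DISALLOWED, DISALLOWED_SHA256)]}
```

The digest check alone defeats artifact replacement in S3; the allowlist is defence in depth for the case where the pinned digest itself was produced from an untrusted artifact.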