Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
TorchServe gRPC Port Exposure
Vulnerability Description
TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. In affected versions the two gRPC ports 7070 and 7071, are not bound to [localhost](http://localhost/) by default, so when TorchServe is launched, these two interfaces are bound to all interfaces. Customers using PyTorch inference Deep Learning Containers (DLC) through Amazon SageMaker and EKS are not affected. This issue in TorchServe has been fixed in PR #3083. TorchServe release 0.11.0 includes the fix to address this vulnerability. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Vulnerability Type
将资源暴露给错误范围
Vulnerability Title
TorchServe 安全漏洞
Vulnerability Description
TorchServe是pytorch开源的一个灵活且易于使用的工具。用于在生产中提供和扩展 PyTorch 模型。 TorchServe 0.3.0版本存在安全漏洞,该漏洞源于两个gRPC端口7070和7071默认不绑定到localhost,导致在启动TorchServe时这两个接口会绑定到所有接口。
CVSS Information
N/A
Vulnerability Type
N/A