U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2024-35199

Change History

New CVE Received by NIST 7/18/2024 10:15:14 PM

Action Type Old Value New Value
Added CVSS V3.1

								
							
							
						
GitHub, Inc. AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
Added CWE

								
							
							
						
GitHub, Inc. CWE-668
Added Description

								
							
							
						
TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. In affected versions the two gRPC ports 7070 and 7071, are not bound to [localhost](http://localhost/) by default, so when TorchServe is launched, these two interfaces are bound to all interfaces. Customers using PyTorch inference Deep Learning Containers (DLC) through Amazon SageMaker and EKS are not affected. This issue in TorchServe has been fixed in PR #3083. TorchServe release 0.11.0 includes the fix to address this vulnerability. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Added Reference

								
							
							
						
GitHub, Inc. https://github.com/pytorch/serve/pull/3083 [No types assigned]
Added Reference

								
							
							
						
GitHub, Inc. https://github.com/pytorch/serve/releases/tag/v0.11.0 [No types assigned]
Added Reference

								
							
							
						
GitHub, Inc. https://github.com/pytorch/serve/security/advisories/GHSA-hhpg-v63p-wp7w [No types assigned]