Summary
Acunetix 360 identified that the TorchServe Management API is publicly exposed on the target web server. TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. In the default configuration, the TorchServe Management API is designed to be accessed inside trusted environments. It's not recommended to have the TorchServe Management API publicly accessible.
Impact
This vulnerability allows unauthenticated attackers to expose sensitive information or use the API to conduct further attacks.
Remediation
It's recommended to restrict access to this service on production systems.
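One way to check the bind address on the server side, as an added example that is not part of the original advisory: the script below audits the `management_address` setting of a TorchServe `config.properties` file and reports whether the Management API listens on loopback only or on every interface. The function names and the two sample configurations are constructed for illustration; the key name and its default value are taken from TorchServe's documented configuration.

```python
import ipaddress
from urllib.parse import urlsplit

# Documented TorchServe default when management_address is not set.
DEFAULT_MANAGEMENT_ADDRESS = "http://127.0.0.1:8081"

def parse_properties(text):
    """Parse key=value lines of a config.properties file, skipping comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def audit_management_address(config_text):
    """Return (verdict, host, port) for the Management API bind address."""
    props = parse_properties(config_text)
    url = urlsplit(props.get("management_address", DEFAULT_MANAGEMENT_ADDRESS))
    host, port = url.hostname or "", url.port
    if host == "localhost":
        return ("loopback-only", host, port)
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # A hostname: which interface it resolves to cannot be decided offline.
        return ("review", host, port)
    if ip.is_loopback:
        return ("loopback-only", host, port)
    if ip.is_unspecified:  # 0.0.0.0 or [::] means every interface
        return ("exposed-all-interfaces", host, port)
    return ("bound-to-interface", host, port)

# Constructed sample configurations (not taken from any real deployment).
WEAK = """\
inference_address=http://0.0.0.0:8080
management_address=http://0.0.0.0:8081
"""
HARDENED = """\
inference_address=http://0.0.0.0:8080
management_address=http://127.0.0.1:8081
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_management_address(cfg))
```

A `bound-to-interface` verdict means reachability depends on what sits in front of that interface, so the firewall or security-group rules for the management port still need to be reviewed.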