Description
TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. In the default configuration, TorchServe is vulnerable to an SSRF vulnerability. An attacker could exploit this vulnerability to compromise the server.
Remediation
Set secure values for the allowed_urls option and the model URL in the TorchServe
References
Related Vulnerabilities
MySQL Other Vulnerability (CVE-2004-0956)
Atlassian Jira Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2020-14174)
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-1429)
Joomla Exposure of Resource to Wrong Sphere Vulnerability (CVE-2020-10238)
Artifactory Improper Input Validation Vulnerability (CVE-2019-19937)