{"data":{"id":"023a67f0-ae17-4db0-8d2e-35f19c5c56b7","title":"CVE-2024-35199: TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. In affected versions","summary":"TorchServe (a tool for running PyTorch machine learning models in production) has a security flaw where two communication ports, 7070 and 7071, are exposed to all network interfaces instead of being restricted to localhost (the local machine only). This means anyone on a network could potentially access these ports. The vulnerability has been fixed and is available in TorchServe version 0.11.0.","solution":"Upgrade to TorchServe release 0.11.0, which includes the fix for this vulnerability. The fix was implemented in pull request #3083.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-35199","publishedAt":"2024-07-19T06:15:14.777Z","cveId":"CVE-2024-35199","cweIds":["CWE-668"],"cvssScore":"8.2","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["PyTorch","TorchServe","Amazon SageMaker"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00094,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}