{"data":{"id":"86f6e04d-4730-47ff-a62b-f55c0778a353","title":"CVE-2023-31036: NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where, when it is launched with the non-de","summary":"NVIDIA Triton Inference Server for Linux and Windows has a vulnerability (CVE-2023-31036) that occurs when launched with the non-default --model-control explicit option, allowing attackers to use path traversal (exploiting how file paths are handled to access unintended directories) through the model load API. A successful attack could lead to code execution (running unauthorized commands), denial of service (making the system unavailable), privilege escalation (gaining higher access levels), information disclosure (exposing sensitive data), and data tampering (modifying files).","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2023-31036","publishedAt":"2024-01-12T22:15:09.183Z","cveId":"CVE-2023-31036","cweIds":["CWE-23","CWE-22"],"cvssScore":"7.5","cvssSeverity":"high","severity":"high","attackType":["model_theft","denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["NVIDIA"],"affectedVendorsRaw":["NVIDIA Triton Inference Server"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00243,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-126"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}