CVE-2024-6577: In the latest version of pytorch/serve, the script 'upload_results_to_s3.sh' references the S3 bucket 'benchmarkai-metri
mediumvulnerability
security
Summary
CVE-2024-6577 is a vulnerability in PyTorch Serve where a script called 'upload_results_to_s3.sh' references an Amazon S3 bucket (a cloud storage service) without verifying that the script's creators actually own or control it, potentially allowing unauthorized access to sensitive data stored in that bucket.
Vulnerability Details
EPSS (30-day exploit probability)
EPSS: 0.1%
Classification
Attack Type
Supply Chain
Attack SophisticationModerate
Impact (CIA+S)
confidentialityintegrity
Taxonomy References
CWE (Weakness Type)
Affected Vendors
Meta
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-6577
First tracked: February 15, 2026 at 08:37 PM
Classified by LLM (prompt v3) · confidence: 85%