AWS PyTorch TorchServe Bug Fix: What You Need to Know About CVE-2024-35198 and CVE-2024-35199

AWS addresses CVE-2024-35198 and CVE-2024-35199 in PyTorch TorchServe. SageMaker and EKS users remain unaffected. Upgrading to TorchServe v0.11.0 resolves these issues.

1P
Published: July 23, 2024 1:04 amAdded: July 22, 2024 at 6:12 pmAssembled by: The Editor
Pro Dashboard

Hot Take:

Looks like TorchServe was serving up vulnerabilities faster than a short-order cook flipping pancakes. Fear not, the patch is here—now let’s hope they didn’t just slap a Band-Aid on a leaky dam!

Key Points:

  • Two CVEs identified: CVE-2024-35198 and CVE-2024-35199, affecting TorchServe versions 0.3.0 to 0.10.0.
  • AWS Deep Learning Containers (DLC) through Amazon SageMaker and Amazon EKS users are not affected.
  • TorchServe v0.11.0 resolves the issues.
  • New image tags are available for PyTorch 2.2, 2.1, and 1.13 with the patched version.
  • Thanks to Kroll Cyber Risk for their cooperation in coordinated vulnerability disclosure.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?