Warning: PyTorch Models Vulnerable to Remote Code Execution via ShellTorch

TorchServe, the tool for serving and scaling PyTorch models, has been found to contain a number of serious security issues that could be chained to allow remote code execution on vulnerable systems.

The vulnerabilities have been dubbed ShellTorch by Israeli runtime application security startup Oligo, which made the discovery.

Security researchers Idan Levcovich, Guy Kaplan, and Gal Elbaz warned that these flaws “can lead to a full chain Remote Code Execution (RCE), leaving countless thousands of services and end-users — including some of the largest companies — open to unauthorized access and the insertion of malicious AI models, as well as potentially a full server takeover
