What is CVE-2023-48299?

CVE-2023-48299 is a medium-severity vulnerability in Pytorch Serve, classified under Path Traversal. CVSS score: 5.3/10. Published 2023-11-21.

How severe is CVE-2023-48299?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Path Traversal in Pytorch Serve

CVE-2023-48299

TorchServe is a tool for serving and scaling PyTorch models in production. Starting in version 0.1.0 and prior to version 0.9.0, using the model/workflow management API, there is a chance of uploading potentially harmful archives that cont…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.004 (63.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N.

Affected products

Pytorch Serve — versions >= 0.1.0, < 0.9.0

Weakness classification (CWE)

CWE-22 — Path Traversal

References

https://github.com/pytorch/serve/security/advisories/GHSA-m2mj-pr4f-h9jp (x_refsource_CONFIRM)
https://github.com/pytorch/serve/pull/2634 (x_refsource_MISC)
https://github.com/pytorch/serve/commit/bfb3d42396727614aef625143b4381e64142f9bb (x_refsource_MISC)
https://github.com/pytorch/serve/releases/tag/v0.9.0 (x_refsource_MISC)

Frequently asked questions

What is CVE-2023-48299?: CVE-2023-48299 is a medium-severity vulnerability in Pytorch Serve, classified under Path Traversal. CVSS score: 5.3/10. Published 2023-11-21.
How severe is CVE-2023-48299?: Medium severity. CVSS v3 base score is 5.3 out of 10.