Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?
AWS PyTorch TorchServe Bug Fix: What You Need to Know About CVE-2024-35198 and CVE-2024-35199
AWS addresses CVE-2024-35198 and CVE-2024-35199 in PyTorch TorchServe. SageMaker and EKS users remain unaffected. Upgrading to TorchServe v0.11.0 resolves these issues.
Hot Take:
Looks like TorchServe was serving up vulnerabilities faster than a short-order cook flipping pancakes. Fear not, the patch is here—now let’s hope they didn’t just slap a Band-Aid on a leaky dam!
Key Points:
- Two CVEs identified: CVE-2024-35198 and CVE-2024-35199, affecting TorchServe versions 0.3.0 to 0.10.0.
- AWS Deep Learning Containers (DLC) through Amazon SageMaker and Amazon EKS users are not affected.
- TorchServe v0.11.0 resolves the issues.
- New image tags are available for PyTorch 2.2, 2.1, and 1.13 with the patched version.
- Thanks to Kroll Cyber Risk for their cooperation in coordinated vulnerability disclosure.
Already a member? Log in here