MEDIUM 6.3
PYSEC-2026-1973
TorchServe script references S3 bucket without ensuring ownership or confirming accessibility
상세
In the latest version of pytorch/serve, the script 'upload_results_to_s3.sh' references the S3 bucket 'benchmarkai-metrics-prod' without ensuring its ownership or confirming its accessibility. This could lead to potential security vulnerabilities or unauthorized access to the bucket if it is not properly secured or claimed by the appropriate entity. The issue may result in data breaches, exposure of proprietary information, or unauthorized modifications to stored data.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
PyPI / torchserve
최초 영향 버전:
0 No fixed version published yet for torchserve (pip). Pin to a known-safe version or switch to an alternative.