Vulnerability Bulletins

Reported TorchServe Issue (CVE-2023-43654)

System information
   
Affected software AmazonWS

Description
Publication Date: 2023/10/02 02:00 PM EDT AWS is aware of CVE-2023-43654 in PyTorch TorchServe versions 0.3.0 to 0.8.1, which use a version of the SnakeYAML v1.31 open source library. TorchServe version 0.8.2 resolves these issues. AWS recommends customers using PyTorch inference Deep Learning Containers (DLC) 1.13.1, 2.0.0, or 2.0.1 in EC2, EKS, or ECS released prior to September 11, 2023, update to TorchServe version 0.8.2. Customers using PyTorch inference Deep Learning Containers (DLC)

More info:

https://aws.amazon.com/security/security-bulletins/AWS-2023-009/

Standar resources
Property Value
CVE CVE-2023-43654.

Version history
Version Comments Date
Ministerio de Defensa
CNI
CCN
CCN-CERT