CVE-2023-43654

10.0 CRITICAL

📋 TL;DR

TorchServe versions 0.1.0 to 0.8.1 have a critical vulnerability where the default configuration lacks proper input validation, allowing attackers to trigger remote HTTP download requests and write arbitrary files to disk. This can lead to remote code execution, system compromise, and data theft. All TorchServe deployments using default configurations are affected.

💻 Affected Systems

Products:
  • PyTorch TorchServe
Versions: 0.1.0 to 0.8.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects deployments using default configuration without custom allowed_urls restrictions.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data exfiltration, and lateral movement within the network.

🟠 Likely Case: Arbitrary file write leading to system compromise, model theft, or denial of service.

🟢 If Mitigated: Limited impact with proper URL restrictions and network segmentation in place.

🌐 Internet-Facing: HIGH - Directly exploitable via HTTP requests without authentication.
🏢 Internal Only: HIGH - Exploitable by any internal user or compromised internal system.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available via Packet Storm Security. Exploitation requires HTTP access to the TorchServe instance.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.8.2

Vendor Advisory: https://github.com/pytorch/serve/security/advisories/GHSA-8fxr-qfr9-p34w

Restart Required: Yes

Instructions:

1. Back up the current configuration and models.
2. Stop the TorchServe service.
3. Upgrade to version 0.8.2 or later using pip: 'pip install torchserve==0.8.2'.
4. Restart the TorchServe service.

🔧 Temporary Workarounds

Configure allowed_urls restriction

Manually configure allowed_urls in TorchServe configuration to restrict model download sources.

Edit config.properties and set 'allowed_urls=https://trusted-source.com'

🧯 If You Can't Patch

  • Network segmentation: Isolate TorchServe instances from internet and untrusted networks.
  • Implement strict firewall rules to limit inbound connections to TorchServe HTTP port.

🔍 How to Verify

Check if Vulnerable:

Check TorchServe version: 'torchserve --version'. If version is between 0.1.0 and 0.8.1 inclusive, system is vulnerable.

Check Version:

torchserve --version

Verify Fix Applied:

Verify version is 0.8.2 or later: 'torchserve --version'. Check config.properties for allowed_urls configuration.

📡 Detection & Monitoring

Log Indicators:

  • Unusual model registration from external URLs
  • File write operations to unexpected locations
  • HTTP requests to model registration endpoint with URL parameters

Network Indicators:

  • Outbound HTTP requests from TorchServe to unexpected domains
  • Inbound requests to /models endpoint with URL parameters

SIEM Query:

source="torchserve.log" AND ("register-model" OR "model_url") AND NOT allowed_urls IN url
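Added example (not from this advisory or the TorchServe project): a Python check that applies the log indicators above to access-log lines, flagging POST /models registrations whose url parameter points at a remote source outside allowed_urls. The log line format is constructed for illustration; allowed_urls is treated as TorchServe documents it, a comma-separated list of regular expressions, and matching the whole URL case-insensitively is an assumption about upstream behaviour to verify against your version.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed TorchServe-style access-log lines (format assumed for illustration, not a real capture).
SAMPLE_ACCESS_LOG = """\
2023-10-03T10:15:01,004 [INFO ] ACCESS_LOG - /10.0.0.5:49152 "POST /models?url=squeezenet1_1.mar HTTP/1.1" 200 31
2023-10-03T10:15:07,221 [INFO ] ACCESS_LOG - /10.0.0.5:49160 "POST /models?url=https%3A%2F%2Ftrusted-source.com%2Fresnet.mar HTTP/1.1" 200 2140
2023-10-03T10:16:44,903 [INFO ] ACCESS_LOG - /203.0.113.9:51354 "POST /models?url=http%3A%2F%2F203.0.113.9%2Funtrusted.mar&initial_workers=1 HTTP/1.1" 200 2981
2023-10-03T10:17:02,110 [INFO ] ACCESS_LOG - /10.0.0.7:40222 "GET /models HTTP/1.1" 200 4
"""

# Same form as the config.properties setting: comma-separated regular expressions.
# A trailing /.* is needed so archives under the host match when the whole URL is compared.
ALLOWED_URLS = "https://trusted-source.com/.*"

REQUEST_RE = re.compile(
    r'^(?P<ts>\S+) .*? - /(?P<client>[^:\s]+):\d+ '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

def parse_model_registrations(lines):
    """Yield (timestamp, client_ip, status, model_url) for every POST /models carrying a url parameter."""
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        target = urlsplit(m["target"])
        if target.path.rstrip("/") != "/models":
            continue
        for url in parse_qs(target.query).get("url", []):  # parse_qs percent-decodes the value
            yield m["ts"], m["client"], int(m["status"]), url

def is_remote(url):
    """Bare file names refer to the local model store; only http(s) URLs make TorchServe download."""
    return url.lower().startswith(("http://", "https://"))

def is_allowed(url, allowed_urls):
    """Whole-URL, case-insensitive regex match (assumed to mirror TorchServe's URL validation)."""
    patterns = [p.strip() for p in allowed_urls.split(",") if p.strip()]
    return any(re.fullmatch(p, url, re.IGNORECASE) for p in patterns)

def flag_unauthorized_downloads(log_text, allowed_urls):
    """Return registrations that would make TorchServe fetch an archive from outside allowed_urls."""
    return [
        {"ts": ts, "client": client, "status": status, "url": url}
        for ts, client, status, url in parse_model_registrations(log_text.splitlines())
        if is_remote(url) and not is_allowed(url, allowed_urls)
    ]
```

Under the whole-URL matching assumed here, the value 'allowed_urls=https://trusted-source.com' shown under Temporary Workarounds matches only that exact string and no archive beneath it, so a pattern such as 'https://trusted-source.com/.*' is what permits models hosted there.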
