CVE-2024-35198

9.8 CRITICAL

📋 TL;DR

In TorchServe before 0.11.0, the allowed_urls check (the allow-list of locations a model archive may be fetched from when a model is registered through the management API) can be bypassed with a URL containing directory traversal sequences such as '..'. The archive is still downloaded into the model store, and once it is there it can be registered again by file name, a path that performs no URL validation at all, so the allow-list is effectively circumvented. Only self-managed TorchServe deployments are affected; customers using the PyTorch inference Deep Learning Containers through Amazon SageMaker and EKS are not impacted.
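The two-step bypass described above, as a simplified model written for this page (it is added example code, not TorchServe's implementation; the function names, the model store path, the allow-list regex and the sample URLs are all assumptions). The weak resolver applies the allow-list regex and nothing else, so a '..' segment lets a URL that matches the allowed prefix fetch an archive from outside it, and the local-name branch never consults the allow-list or checks for traversal. The hardened resolver refuses '..' before any other decision and confirms the final path lies inside the store:

```python
import os
import re
from urllib.parse import urlparse

# Constructed configuration for the example; real deployments set allowed_urls
# in config.properties to match their own artefact hosts.
MODEL_STORE = "/opt/torchserve/model_store"
ALLOWED_URLS = [r"https://models\.example\.com/approved/.*"]


def in_allow_list(url, allowed_urls):
    """True when the URL matches one of the allow-list regexes."""
    return any(re.fullmatch(pattern, url) for pattern in allowed_urls)


def vulnerable_resolve(url, allowed_urls=ALLOWED_URLS, model_store=MODEL_STORE):
    """Weak version (illustrative, not TorchServe's code): a URL that passes the
    allow-list is fetched into the store under its last path segment; anything
    without an http(s) scheme is treated as the name of an archive already in
    the store. Nothing rejects '..', so the allow-listed prefix can be escaped
    on the remote side and the store can be escaped on the local side."""
    if in_allow_list(url, allowed_urls):
        name = os.path.basename(urlparse(url).path)
        return "download", os.path.normpath(os.path.join(model_store, name))
    if urlparse(url).scheme in ("http", "https"):
        raise ValueError(f"{url} does not match any allowed URL")
    # Local-name branch: no allow-list, no path check.
    return "local", os.path.normpath(os.path.join(model_store, url))


def hardened_resolve(url, allowed_urls=ALLOWED_URLS, model_store=MODEL_STORE):
    """Hardened version: '..' is refused up front, remote archives must pass
    the allow-list, only the file name is used inside the store, and the
    resolved path is checked to stay within the store as defence in depth."""
    if ".." in url:
        raise ValueError(f"relative path segments are not allowed: {url}")
    parsed = urlparse(url)
    if parsed.scheme in ("http", "https"):
        if not in_allow_list(url, allowed_urls):
            raise ValueError(f"{url} does not match any allowed URL")
        kind, name = "download", os.path.basename(parsed.path)
    else:
        kind, name = "local", url
    if not name.endswith(".mar"):
        raise ValueError(f"expected a .mar archive, got {name!r}")
    store = os.path.normpath(model_store)
    dest = os.path.normpath(os.path.join(store, name))
    if os.path.commonpath([store, dest]) != store:
        raise ValueError(f"{dest} escapes the model store")
    return kind, dest


if __name__ == "__main__":
    # Constructed inputs: an allow-listed prefix escaped with '..', the archive
    # re-registered by bare name, and a local name that walks out of the store.
    for url in ("https://models.example.com/approved/../staging/evil.mar",
                "evil.mar", "../../tmp/evil.mar"):
        print("weak    :", url, "->", vulnerable_resolve(url))
        try:
            print("hardened:", url, "->", hardened_resolve(url))
        except ValueError as exc:
            print("hardened:", url, "-> rejected:", exc)
```

Note that the hardened resolver still accepts a plain file name such as evil.mar: archives already sitting in the model store are the operator's responsibility, which is exactly why the fix has to stop the traversal download in the first place rather than the later local registration.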

💻 Affected Systems

Products:
  • TorchServe
Versions: All versions before 0.11.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects TorchServe deployments not using Amazon SageMaker or EKS Deep Learning Containers.

📦 What is this software?

TorchServe is the model-serving framework for PyTorch. It loads packaged model archives (.mar files) from a directory called the model store and exposes an inference API (default port 8080) for predictions and a management API (default port 8081) for registering, scaling and unregistering models at runtime. Model registration takes a url parameter naming an archive either already in the model store or at a remote location, and the allowed_urls setting in config.properties is the allow-list that governs which remote locations may be fetched.
⚠️ Risk & Real-World Impact

🔴

Worst Case

A model archive carries handler code that TorchServe's workers execute when the model is loaded, so an attacker who can register a malicious archive gains code execution on the serving host, with data exfiltration or complete system compromise following from there.

🟠

Likely Case

Unauthorized model deployment leading to service disruption, model poisoning, or data leakage from inference requests.

🟢

If Mitigated

Limited impact with proper network segmentation and strict access controls, but still vulnerable to internal threats.

🌐 Internet-Facing: HIGH - A TorchServe management API reachable from the Internet can be exploited remotely; it requires no credentials unless token authorization has been enabled.
🏢 Internal Only: MEDIUM - Anyone on the internal network who can reach the management API can deploy malicious models or disrupt services.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to the TorchServe management API (default port 8081) and the ability to call its model registration endpoint (POST /models); no credentials are needed unless token authorization has been enabled.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.11.0

Vendor Advisory: https://github.com/pytorch/serve/security/advisories/GHSA-wxcx-gg9c-fwp2

Restart Required: Yes

Instructions:

1. Stop the running TorchServe instance (torchserve --stop).
2. Upgrade the package: pip install 'torchserve>=0.11.0' (or torchserve==0.11.0 to pin that exact release).
3. Start TorchServe again and confirm the new version with torchserve --version.

🔧 Temporary Workarounds

No workarounds available

The vendor states there are no known workarounds for this vulnerability.

🧯 If You Can't Patch

  • Restrict network access to the TorchServe management API to trusted sources only: bind it to loopback with management_address=http://127.0.0.1:8081 in config.properties, or place it behind a firewall or authenticating proxy that allows only the deployment pipeline to reach it.
  • Keep allowed_urls as narrow as possible, and monitor the model store and the management API for registrations you did not initiate; alert on any url parameter containing '..' and on models registered by bare file name that were never placed there by your pipeline.

🔍 How to Verify

Check if Vulnerable:

Run torchserve --version, or pip show torchserve in the Python environment that runs the server; any version below 0.11.0 is vulnerable.

Check Version:

torchserve --version

Verify Fix Applied:

Confirm version is 0.11.0 or higher using 'torchserve --version'.
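A small version check for the procedure above, added here as example code (it is not part of TorchServe or of the page). It parses the X.Y.Z triple out of the CLI output and compares it numerically, because a plain string comparison would wrongly rank 0.10.0 below 0.9.0; the exact wording of the torchserve --version output is an assumption, which is why the parser only looks for the version triple:

```python
import re
import shutil
import subprocess

FIXED_VERSION = (0, 11, 0)
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the first X.Y.Z triple found in text as a tuple of ints.
    Sample input shape assumed: 'TorchServe Version is 0.9.0'."""
    match = VERSION_RE.search(text)
    if not match:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def is_vulnerable(version_text):
    """True when the reported version is older than the fixed release."""
    return parse_version(version_text) < FIXED_VERSION


def check_installed():
    """Invoke the torchserve CLI if it is on PATH. Returns True/False for
    vulnerable/fixed, or None when the CLI is not installed."""
    if shutil.which("torchserve") is None:
        return None
    result = subprocess.run(["torchserve", "--version"],
                            capture_output=True, text=True, check=False)
    return is_vulnerable(result.stdout + result.stderr)


if __name__ == "__main__":
    state = check_installed()
    if state is None:
        print("torchserve CLI not found on PATH")
    else:
        print("VULNERABLE (upgrade to 0.11.0 or later)" if state else "fixed")
```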

📡 Detection & Monitoring

Log Indicators:

  • Model registration requests whose url parameter contains '..' sequences, including percent-encoded forms such as %2e%2e and double-encoded %252e%252e
  • Models registered by bare file name that your deployment pipeline never placed in the model store, and any registration from an unexpected client address

Network Indicators:

  • HTTP requests to TorchServe management API with directory traversal patterns

SIEM Query:

source="torchserve" AND (url="*..*" OR event="model_register")
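The indicators above, turned into detection logic over sample log lines. This is added example code, not part of TorchServe or of this page: the log lines are constructed, their layout (timestamp, client address, request line, status) is an assumed access-log shape rather than real TorchServe output, and the allowed host is a placeholder. The parser decodes the url parameter twice so that single- and double-percent-encoded traversal is caught, then classifies each registration as traversal, a bare local name, or a host outside the allow-list:

```python
import re
from urllib.parse import parse_qs, unquote, urlparse

# Constructed sample lines in an assumed access-log shape (not real TorchServe output).
SAMPLE_LOG = """\
2024-05-20T10:01:02 ACCESS_LOG - /10.0.0.5:51022 "POST /models?url=https://models.example.com/approved/resnet18.mar&initial_workers=1 HTTP/1.1" 200 12
2024-05-20T10:02:45 ACCESS_LOG - /203.0.113.9:40311 "POST /models?url=https%3A%2F%2Fmodels.example.com%2Fapproved%2F..%2F..%2Fstaging%2Fevil.mar HTTP/1.1" 200 8
2024-05-20T10:03:10 ACCESS_LOG - /203.0.113.9:40312 "POST /models?url=evil.mar&initial_workers=1 HTTP/1.1" 200 7
2024-05-20T10:03:30 ACCESS_LOG - /203.0.113.9:40313 "POST /models?url=https%3A%2F%2Fmirror.example.net%2Fresnet18.mar HTTP/1.1" 500 9
2024-05-20T10:04:00 ACCESS_LOG - /10.0.0.5:51030 "GET /models HTTP/1.1" 200 3
"""

REQUEST_RE = re.compile(
    r'^(?P<ts>\S+) .*?/(?P<client>[\d.]+):\d+ '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def registration_alerts(log_text, allowed_hosts=("models.example.com",)):
    """Return (timestamp, client, kind, decoded_url) for every suspicious
    POST /models registration. kind is one of 'traversal', 'local_name'
    or 'host_not_allowed'; normal allow-listed registrations yield nothing."""
    alerts = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match or match["method"] != "POST":
            continue
        target = urlparse(match["target"])
        if target.path != "/models":
            continue
        # parse_qs decodes one layer of percent-encoding; unquote() handles a second.
        url = unquote(parse_qs(target.query).get("url", [""])[0])
        kind = None
        if ".." in url:
            kind = "traversal"
        elif urlparse(url).scheme == "":
            # Bare file name: registered straight from the model store, no URL check.
            kind = "local_name"
        elif urlparse(url).hostname not in allowed_hosts:
            kind = "host_not_allowed"
        if kind:
            alerts.append((match["ts"], match["client"], kind, url))
    return alerts


if __name__ == "__main__":
    for ts, client, kind, url in registration_alerts(SAMPLE_LOG):
        print(f"{ts} {client:<14} {kind:<17} {url}")
```

The bare-name rule will also fire on legitimate registrations of archives your pipeline placed in the store, so in practice feed it the list of expected file names and alert only on the rest; the traversal rule has no benign use and can page directly.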

🔗 References

  • Vendor advisory (GitHub Security Advisory GHSA-wxcx-gg9c-fwp2): https://github.com/pytorch/serve/security/advisories/GHSA-wxcx-gg9c-fwp2