Medium severity6.3GHSA Advisory· Published Mar 20, 2025· Updated Apr 15, 2026
CVE-2024-6577
CVE-2024-6577
Description
In the latest version of pytorch/serve, the script 'upload_results_to_s3.sh' references the S3 bucket 'benchmarkai-metrics-prod' without ensuring its ownership or confirming its accessibility. This could lead to potential security vulnerabilities or unauthorized access to the bucket if it is not properly secured or claimed by the appropriate entity. The issue may result in data breaches, exposure of proprietary information, or unauthorized modifications to stored data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
torchservePyPI | <= 0.11.0 | — |
Affected products
2Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.