Medium severity6.3GHSA Advisory· Published Mar 20, 2025· Updated Apr 15, 2026

CVE-2024-6577

Description

In the latest version of pytorch/serve, the script 'upload_results_to_s3.sh' references the S3 bucket 'benchmarkai-metrics-prod' without ensuring its ownership or confirming its accessibility. This could lead to potential security vulnerabilities or unauthorized access to the bucket if it is not properly secured or claimed by the appropriate entity. The issue may result in data breaches, exposure of proprietary information, or unauthorized modifications to stored data.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
torchservePyPI	<= 0.11.0	—

Affected products

Pytorch/ServeGHSA
Range: <= 0.11.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-xx7c-j7h3-vjcqghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-6577ghsaADVISORY
huntr.com/bounties/20917570-8328-428f-bd1d-4fcd71fb2359nvdWEB

News mentions

No linked articles in our index yet.

cvss	0.410
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000