A trio of security vulnerabilities in TorchServe, an open-source machine-learning model serving framework, could lead to server takeover and remote code execution (RCE), the Oligo Security research team has warned.
Collectively dubbed “ShellTorch,” the flaws (CVE-2022-1471, CVE-2023-43654) can allow an attacker to send a request to upload a malicious model from an attacker-controlled address, leading to arbitrary code execution.
“By exploiting ShellTorch CVE-2023-43654, an attacker can execute code and take over the target server. This includes abusing an API misconfiguration that allows accessing the management console remotely without any authentication, exploiting a remote Server-Side Request Forgery (SSRF) vulnerability that allows uploading a malicious model that leads to code execution,” the researchers explained.
The team said they discovered another unsafe deserialization vulnerability that can be triggered remotely, through which an attacker could gain access to the network and use the resulting high privileges for lateral movement.
In a security advisory, Amazon (one of the maintainers of the TorchServe library) said that PyTorch TorchServe versions 0.3.0 to 0.8.1, which use the SnakeYAML v1.31 open source library, are affected. The vulnerabilities were fixed in version 0.8.2.
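The two preconditions the researchers describe, a management API reachable without authentication and a model-download path that accepts arbitrary source URLs, are both settings in TorchServe's config.properties. The following is an added defensive audit script, not code from Oligo or the TorchServe project; it assumes the standard keys management_address and allowed_urls, and the sample configs are constructed, not shipped files.

```python
"""Audit a TorchServe config.properties for the ShellTorch preconditions:
a management API bound to a non-loopback address, and an allowed_urls
pattern that lets models be fetched from any host or from file://."""
import re
from urllib.parse import urlparse

# Constructed samples: a permissive config and a hardened one.
WEAK_CONFIG = r"""
inference_address=http://0.0.0.0:8080
management_address=http://0.0.0.0:8081
allowed_urls=file://.*|http(s)?://.*
"""
HARDENED_CONFIG = r"""
inference_address=http://0.0.0.0:8080
management_address=http://127.0.0.1:8081
allowed_urls=https://models\.internal\.example/.*
"""

def parse_properties(text):
    """Minimal key=value parser; ignores blanks and '#' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def pattern_is_permissive(pat):
    """True if the regex admits local files or any remote host."""
    pat = pat.strip()
    if pat.startswith("file://"):
        return True
    # Drop an http/https scheme (plain or as a regex) and check whether
    # the host part is just a wildcard.
    rest = re.sub(r"^http\(s\)\?://|^https?://", "", pat)
    return rest.startswith(".*")

def audit(text):
    """Return a list of findings; an empty list means nothing flagged."""
    props = parse_properties(text)
    findings = []
    # Assumed default when the key is absent: loopback on port 8081.
    mgmt = urlparse(props.get("management_address", "http://127.0.0.1:8081"))
    if mgmt.hostname not in ("127.0.0.1", "localhost", "::1"):
        findings.append(f"management API bound to {mgmt.hostname}: "
                        "reachable from other hosts without authentication")
    for pat in props.get("allowed_urls", "").split("|"):
        if pat and pattern_is_permissive(pat):
            findings.append(f"allowed_urls pattern '{pat.strip()}' permits "
                            "fetching models from arbitrary sources")
    return findings
```

Run audit() over the real config.properties of a deployment to confirm the management endpoint is loopback-only and allowed_urls names only the model stores you trust.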