
Cloud Vulnerability DB
A community-led vulnerabilities database
TorchServe, a tool for serving and scaling PyTorch models in production, was found to contain a ZipSlip vulnerability (CVE-2023-48299) affecting versions from 0.1.0 up to the fix in 0.9.0. The flaw lies in the model/workflow management API, where a crafted archive uploaded through the API could have its contents extracted to any location on the filesystem that the TorchServe process has permission to write (GitHub Advisory).
The vulnerability is classified as a Path Traversal issue (CWE-22) with a CVSS v3.1 base score of 5.3 (Medium). The attack vector is Network, with low attack complexity and no privileges or user interaction required. The scope is unchanged, with no impact on confidentiality, low impact on integrity, and no impact on availability (NVD).
This vulnerability could allow a third party to hide malicious files inside open-source or public models downloaded from the internet. When such a model is loaded on a machine running TorchServe, those files could be written to arbitrary locations on the filesystem, potentially compromising the system (GitHub Advisory).
The vulnerability has been fixed in TorchServe version 0.9.0 by validating each file path contained in a zip archive before extraction. Users are advised to upgrade to version 0.9.0 or later to address this issue (Release Notes, GitHub Patch).
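As an added illustration of the entry-path validation the fix describes (this is example code written for this entry, not TorchServe's own patch), the function below resolves every archive entry against the destination directory and refuses the whole archive if any entry would land outside it; `build_zip` and `demo` construct a benign model archive and a ZipSlip-style one purely as test data.

```python
import io
import os
import tempfile
import zipfile

def safe_extract(zip_bytes: bytes, dest_dir: str) -> list[str]:
    """Extract a zip only if every entry resolves inside dest_dir (validate all, then write)."""
    dest_root = os.path.realpath(dest_dir)
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        planned = []
        for info in zf.infolist():
            # realpath collapses '..' segments and follows symlinks that already exist.
            target = os.path.realpath(os.path.join(dest_root, info.filename))
            # Safe only if the resolved path is dest_root itself or lies below it.
            if os.path.commonpath([dest_root, target]) != dest_root:
                raise ValueError(f"entry escapes destination: {info.filename!r}")
            planned.append((info, target))
        written = []
        for info, target in planned:
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target)
    return written

def build_zip(entries: dict[str, bytes]) -> bytes:
    """In-memory zip from an entry-name -> content map (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)  # keeps '../' in names, like a crafted archive
    return buf.getvalue()

def demo() -> dict:
    """Extract a benign model archive, then a ZipSlip-style one, in a fresh temp dir."""
    with tempfile.TemporaryDirectory() as dest:
        ok = safe_extract(build_zip({"model/handler.py": b"# handler\n",
                                     "model/weights.bin": b"\x00\x01"}), dest)
        crafted = build_zip({"model/handler.py": b"x", "../../escaped.txt": b"marker"})
        try:
            safe_extract(crafted, dest)
            rejected = False
        except ValueError:
            rejected = True
        with open(os.path.join(dest, "model", "handler.py"), "rb") as f:
            intact = f.read() == b"# handler\n"  # crafted archive wrote nothing at all
    return {"benign_files": len(ok), "rejected": rejected, "handler_intact": intact}
```

Because validation runs over all entries before any write, a rejected archive leaves no partially extracted files behind, which also matters for cleanup after a blocked upload.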
The vulnerability was responsibly disclosed by Oligo Security, and AWS Security was involved in handling the advisory. The fix was submitted as a pull request, reviewed by the TorchServe maintainers, and merged (GitHub PR).
Source: This report was generated using AI