CVE-2024-35199: 
TorchServe vulnerability analysis and mitigation

TorchServe, a flexible tool for serving and scaling PyTorch models in production, was found to have a security vulnerability (CVE-2024-35199) where its two gRPC ports (7070 and 7071) were not bound to localhost by default. When TorchServe is launched, these interfaces are bound to all interfaces, potentially exposing them to unauthorized access. The vulnerability affects versions 0.3.0 to 0.10.0, though customers using PyTorch inference Deep Learning Containers (DLC) through Amazon SageMaker and EKS are not affected (GitHub Advisory, AWS Bulletin).

The vulnerability stems from the default configuration of TorchServe's gRPC ports 7070 and 7071, which bind to all network interfaces (0.0.0.0) instead of being restricted to localhost (127.0.0.1). This configuration issue has been assigned a CVSS v3.1 base score of 8.2 (HIGH), with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H, indicating network-level attack vector, low attack complexity, and no required privileges or user interaction (GitHub Advisory).

The exposure of gRPC ports to all interfaces could potentially allow unauthorized access to the TorchServe instance from any network interface, rather than restricting access to only the local machine. This could lead to unauthorized access to model serving capabilities and potential exploitation of the service (GitHub Advisory).

The vulnerability has been fixed in TorchServe version 0.11.0, which now binds the gRPC ports to localhost by default. For Docker deployments, the gRPC address needs to be explicitly configured to 0.0.0.0 similar to HTTP management and inference addresses. Users are advised to upgrade to version 0.11.0 or later to address this security issue (GitHub PR, GitHub Release).