PyPi: Torchserve

CVE-2022-22815

Transitive

Safety vulnerability ID: 48563

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jan 10, 2022 Updated at May 16, 2024

Advisory

Torchserve 0.5.3 updates its dependency 'pillow' to v9.0.0 to include security fixes.

Affected package

torchserve

Latest version: 0.11.0

TorchServe is a tool for serving neural net models for inference

Affected versions

Fixed versions

Vulnerability changelog

This is the release of TorchServe v0.5.3.

New Features
+ KServe V2 support - Added [support](https://github.com/pytorch/serve/pull/1340) for KServe V2 protocol.
+ Model customized metadata support - Extended [managementAPI](https://github.com/pytorch/serve/pull/1421) to support customized metadata from handler.

Improvements
+ Upgraded [log4j2](https://logging.apache.org/log4j/2.x/security.html) version to 2.17.1 - Added [log4j upgrade](https://github.com/pytorch/serve/pull/1395) to address [CVE-2021-44832](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832).
+ Upgraded pillow to 9.0.0, Python support upgraded to py3.8/py3.9 - Added [docker](https://github.com/pytorch/serve/pull/1435), [install dependency](https://github.com/pytorch/serve/pull/1459) upgrade.
+ GPU utilization and GPU memory usage metrics support - Added [support](https://github.com/pytorch/serve/pull/1453) for GPU utilization and GPU memory usage metrics in benchmarks.
+ Workflow benchmark support - Added [support](https://github.com/pytorch/serve/pull/1445) for workflow benchmark.
+ benchmark-ab.py warmup support - Added [support](https://github.com/pytorch/serve/pull/1413) for warmup in benchmark-ab.py.
+ Multiple inputs for a model inference example - Added [example](https://github.com/pytorch/serve/pull/1403) to support multiple inputs for a model inference.
+ Documentation refactor - Improved [documentation](https://github.com/pytorch/serve/pull/1424).
+ Added API auto-discovery - Added [support](https://github.com/pytorch/serve/pull/1418) for API auto-discovery.
+ Nightly build support - Added [support](https://pypi.org/project/torchserve-nightly/) for GitHub action nightly build `pip install torchserve-nightly`

Platform Support
Ubuntu 16.04, Ubuntu 18.04, MacOS 10.14+, Windows 10 Pro, Windows Server 2019, Windows subsystem for Linux (Windows Server 2019, WSLv1, Ubuntu 18.0.4). TorchServe now requires Python 3.8 and above.

GPU Support

Resources


Severity Details

CVSS Base Score

MEDIUM 6.5

CVSS v3 Details

MEDIUM 6.5
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): NONE
Integrity Impact (I): LOW
Availability Impact (A): LOW

CVSS v2 Details

MEDIUM 6.4
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (Au): NONE
Confidentiality Impact (C): NONE
Integrity Impact (I): PARTIAL
Availability Impact (A): PARTIAL