AI PRP: Arbirary File Write & SSRF in pytorch/serve CVE-2023-43654

[frkngksl]

Hi,

I want to implement a detection plugin for CVE-2023-43654

Software Detail: TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production.

Vulnerability Detail: TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity of the system and sensitive data. This issue is present in versions 0.1.0 to 0.8.1.

Remarks: Normally, I know that you are not interested in SSRF vulnerabilities, but this one allows attackers to download files to the filesystem too. Also, interestingly, NIST and Github Advisories set 9.8 CVSS (Critical) score for this vulnerability. I just opened this issue to recommend a detector for this vulnerability. If you want to enhance the detection capability with this one, we can further discuss the implementation details. I saw that in some cases, you were willing to make some exceptions for arbitrary file write vulnerabilities.

Ref: https://github.com/OligoCyberSecurity/ShellTorchChecker/tree/main
Ref: https://www.oligo.security/blog/shelltorch-torchserve-ssrf-vulnerability-cve-2023-43654