Closed secureness closed 1 week ago
CC @maoning
@secureness thanks for submitting the request! It is in scope for the AI PRP bounty. Please complete the following items:
Thanks!
@secureness Everything looks good, you can move forward with the implementation.
@maoning we can overwrite current models for all versions of the triton inference server to reach RCE, do you want to implement this as well as the vulnerable versions?
@secureness please implement the version that applies to all versions of the triton inference server.
thank you, I received the bounty.
triton inference server is a popular NVIDIA product built for AI.
the following report pulls a default docker image, deploys it on the server, and runs a simple post-HTTP request to run an arbitrary command. https://huntr.com/bounties/b27148e3-4da4-4e12-95ae-756d33d94687/