{"id":"PYSEC-2026-1972","summary":"TorchServe ZipSlip","details":"### Impact\nUsing the model/workflow management API, there is a chance of uploading potentially harmful archives that contain files that are extracted to any location on the filesystem that is within the process permissions. Leveraging this issue could aid third-party actors in hiding harmful code in open-source/public models, which can be downloaded from the internet, and take advantage of machines running Torchserve.\n\n### Patches\nThe ZipSlip issue in TorchServe has been fixed by validating the paths of files contained within a zip archive before extracting them: https://github.com/pytorch/serve/pull/2634\n\nTorchServe release 0.9.0 includes fixes to address the ZipSlip vulnerability:\nhttps://github.com/pytorch/serve/releases/tag/v0.9.0\n\n### References\nhttps://github.com/pytorch/serve/pull/2634\nhttps://github.com/pytorch/serve/releases/tag/v0.9.0\n\n### Credit\nWe would like to thank Oligo Security for responsibly disclosing this issue.\n\nIf you have any questions or comments about this advisory, we ask that you contact AWS Security via our [vulnerability reporting page](https://aws.amazon.com/security/vulnerability-reporting) or directly via email to [aws-security@amazon.com](mailto:aws-security@amazon.com). Please do not create a public GitHub issue.","aliases":["CVE-2023-48299","GHSA-m2mj-pr4f-h9jp"],"modified":"2026-07-07T17:48:11.546614776Z","published":"2026-07-07T11:45:27.310602Z","references":[{"type":"WEB","url":"https://github.com/pytorch/serve/security/advisories/GHSA-m2mj-pr4f-h9jp"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48299"},{"type":"WEB","url":"https://github.com/pytorch/serve/pull/2634"},{"type":"WEB","url":"https://github.com/pytorch/serve/commit/bfb3d42396727614aef625143b4381e64142f9bb"},{"type":"PACKAGE","url":"https://github.com/pytorch/serve"},{"type":"WEB","url":"https://github.com/pytorch/serve/releases/tag/v0.9.0"},{"type":"PACKAGE","url":"https://pypi.org/project/torchserve"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-m2mj-pr4f-h9jp"}],"affected":[{"package":{"name":"torchserve","ecosystem":"PyPI","purl":"pkg:pypi/torchserve"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0.1.0"},{"fixed":"0.9.0"}]}],"versions":["0.1.1","0.2.0","0.2.2","0.3.0","0.3.1","0.4.0","0.4.1","0.4.2","0.5.0","0.5.1","0.5.2","0.5.3","0.6.0","0.6.1","0.7.0","0.7.1","0.8.0","0.8.1","0.8.2"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/torchserve/PYSEC-2026-1972.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}]}