AVID-2023-V015

Vulnerability from avid – Published: 2023-03-31 – Updated: 2023-03-31 ATLAS Case Study
Summary
Linux packages for PyTorch's pre-release version, called PyTorch-nightly, were compromised from December 25 to 30, 2022 by a malicious binary uploaded to the Python Package Index (PyPI) code repository. The malicious binary had the same name as a PyTorch dependency, and the PyPI package manager (pip) installed this malicious package instead of the legitimate one.

This supply chain attack, also known as "dependency confusion," exposed sensitive information of Linux machines with the affected pip-installed versions of PyTorch-nightly. On December 30, 2022, PyTorch announced the incident and initial steps towards mitigation, including the rename and removal of `torchtriton` dependencies.
Risk domain
Security
SEP view
S0202: Software Compromise
Lifecycle
L02: Data Understanding, L03: Data Preparation, L04: Model Development, L05: Evaluation, L06: Deployment
Organisations
PyTorch (deployer)
Affected artifacts
Artifact Type
PyTorch System
References
URL Label
https://atlas.mitre.org/studies/AML.CS0015 Compromised PyTorch Dependency Chain
https://pytorch.org/blog/compromised-nightly-depe… PyTorch statement on compromised dependency
https://www.bleepingcomputer.com/news/security/py… Analysis by BleepingComputer

{
  "affects": {
    "artifacts": [
      {
        "name": "PyTorch",
        "type": "System"
      }
    ],
    "deployer": [
      "PyTorch"
    ],
    "developer": []
  },
  "credit": [
    {
      "lang": "eng",
      "value": "PyTorch"
    }
  ],
  "data_type": "AVID",
  "data_version": "0.2",
  "description": {
    "lang": "eng",
    "value": "Linux packages for PyTorch\u0027s pre-release version, called Pytorch-nightly, were compromised from December 25 to 30, 2022 by a malicious binary uploaded to the Python Package Index (PyPI) code repository.  The malicious binary had the same name as a PyTorch dependency and the PyPI package manager (pip) installed this malicious package instead of the legitimate one.\n\nThis supply chain attack, also known as \"dependency confusion,\" exposed sensitive information of Linux machines with the affected pip-installed versions of PyTorch-nightly. On December 30, 2022, PyTorch announced the incident and initial steps towards mitigation, including the rename and removal of `torchtriton` dependencies."
  },
  "impact": {
    "avid": {
      "lifecycle_view": [
        "L02: Data Understanding",
        "L03: Data Preparation",
        "L04: Model Development",
        "L05: Evaluation",
        "L06: Deployment"
      ],
      "risk_domain": [
        "Security"
      ],
      "sep_view": [
        "S0202: Software Compromise"
      ],
      "taxonomy_version": "0.2"
    }
  },
  "last_modified_date": "2023-03-31",
  "metadata": {
    "vuln_id": "AVID-2023-V015"
  },
  "problemtype": {
    "classof": "ATLAS Case Study",
    "description": {
      "lang": "eng",
      "value": "Compromised PyTorch Dependency Chain"
    },
    "type": "Advisory"
  },
  "published_date": "2023-03-31",
  "references": [
    {
      "label": "Compromised PyTorch Dependency Chain",
      "type": "source",
      "url": "https://atlas.mitre.org/studies/AML.CS0015"
    },
    {
      "label": "PyTorch statement on compromised dependency",
      "type": "source",
      "url": "https://pytorch.org/blog/compromised-nightly-dependency/"
    },
    {
      "label": "Analysis by BleepingComputer",
      "type": "source",
      "url": "https://www.bleepingcomputer.com/news/security/pytorch-discloses-malicious-dependency-chain-compromise-over-holidays/"
    }
  ],
  "reports": null
}

