Diamond Member ThaHaka 0 Posted June 16 Diamond Member Share Posted June 16 This is the hidden content, please Sign In or Sign Up A flaw in the This is the hidden content, please Sign In or Sign Up Cloud Vertex AI SDK for Python let an attacker with no access to a victim's project ******* the victim's machine learning model upload and run code inside This is the hidden content, please Sign In or Sign Up 's serving infrastructure. Palo Alto Networks Unit 42, which found and reported the bug through This is the hidden content, please Sign In or Sign Up 's bug bounty program, calls the technique "Pickle in the Middle" and said it saw no exploitation in the wild. This is the hidden content, please Sign In or Sign Up 0 Quote Link to comment https://hopzone.eu/forums/topic/318093-h4ckn3wsgoogle-vertex-ai-sdk-flaw-let-attackers-hijack-model-uploads-via-bucket-squatting/ Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.