Log Injection Vulnerability in Inference Server
The Triton Inference Server versions 24.01 to 24.04 are vulnerable to log injection, allowing attackers to insert arbitrary log entries. This vulnerability, patched in version 24.05, arises from insufficient input sanitization, enabling log forgery and ANSI escape sequence injection.
Available publicly on May 31 2024 | Available with Premium on May 30 2024
Remediation Steps
- Update the Triton Inference Server to version 24.05 or later.
- Review and sanitize all user inputs before logging to prevent injection attacks.
- Regularly audit logs for signs of tampering or unusual entries.
- Implement log monitoring solutions that can detect and alert on log tampering or injection attempts.
Patch Details
- Fixed Version: 24.05
- Patch Commit: https://github.com/triton-inference-server/server/commit/e8f2e2dc80b8c10345ba4d22603df9a0b836bcee
Want more out of Sightline?
Sightline offers even more for premium customers
Go Premium
We have - related security advisories that are available with Sightline Premium.