Medium Severity

server

Log Injection Vulnerability in Inference Server

The Triton Inference Server versions 24.01 to 24.04 are vulnerable to log injection, allowing attackers to insert arbitrary log entries. This vulnerability, patched in version 24.05, arises from insufficient input sanitization, enabling log forgery and ANSI escape sequence injection.

Available publicly on May 31 2024

4.3

CVE:

CVE-2024-0095

CWE:

532:Insertion of Sensitive Information into Log File

CVSS:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Credit:

pinkdraconian
AssessDetect

Premium

Remediate
Remediation Steps
  • Update the Triton Inference Server to version 24.05 or later.
  • Review and sanitize all user inputs before logging to prevent injection attacks.
  • Regularly audit logs for signs of tampering or unusual entries.
  • Implement log monitoring solutions that can detect and alert on log tampering or injection attempts.
Patch Details
  • Fixed Version: 24.05
  • Patch Commit: https://github.com/triton-inference-server/server/commit/e8f2e2dc80b8c10345ba4d22603df9a0b836bcee
Want more out of Sightline?

Sightline offers even more for premium customers

Go Premium

We have 291 related security advisories that are available with Sightline Premium.

Sightline logo
About Protect AIPrivacy PolicyTerms of Service
© 2024 Protect AI, Inc.
Slack iconLinkedIn iconYoutube iconX icon