Tag: #vulnerability-management
6 posts tagged vulnerability-management.
- defense: How to Triage an ML-Stack CVE: A Practical Workflow
  A repeatable workflow for taking an ML-library CVE from 'a scanner flagged it' to a defensible decision — without panic-patching everything or trusting the CVSS number to do your thinking.
- Vulnerability Tracking: PyTorch Security: Notable CVEs and How to Harden Your Loading Path
  PyTorch's most consequential CVEs cluster around one thing — loading a model file that runs code. A walk through the verified entries, what each actually requires to exploit, and the hardening that holds.
- Vulnerability Tracking: trust_remote_code and the ML Orchestration CVE Class
  A second family of ML supply-chain CVEs has nothing to do with model weights and everything to do with the glue: transformers' trust_remote_code, langchain expression surfaces, and template injection in orchestration libraries.
- Vulnerability Tracking: Unsafe Model Deserialization: The Pickle Problem Behind ML CVEs
  Loading a model file can execute arbitrary code. This is the single most repeated vulnerability class in the ML supply chain — the real CVEs, why the fixes keep arriving late, and what actually mitigates it.
- Vulnerability Tracking: ML CVE Database Vulnerabilities: What's Tracked and Missing
  How ML CVE database vulnerabilities are catalogued in NVD and MITRE, why the taxonomy breaks down for AI-specific flaws, and which real CVEs in TensorFlow, PyTorch, and MLflow demand attention.
- defense: Reading an ML Library CVE: What to Extract Beyond the CVSS Score
  ML library CVEs are usually scored against a generic threat model that doesn't match how the library is used in production AI systems. Here's what to actually evaluate.