NVIDIA Triton Log Injection Enables Remote Code Exec
CVE-2024-0095 Published on June 13, 2024

NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and executable commands by injecting arbitrary data as a new log entry. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

NVD

Weakness Type

Improper Output Neutralization for Logs

The software does not neutralize or incorrectly neutralizes output that is written to logs.


Products Associated with CVE-2024-0095


Affected Versions

NVIDIA Triton Inference Server: nvidia triton_inference_server:

Exploit Probability

EPSS: 0.50%
Percentile: 65.36%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.