We use cookies to improve your experience on our site.
AVID-2023-V015
Description
Compromised PyTorch Dependency Chain
Details
Linux packages for PyTorch’s pre-release version, called Pytorch-nightly, were compromised from December 25 to 30, 2022 by a malicious binary uploaded to the Python Package Index (PyPI) code repository. The malicious binary had the same name as a PyTorch dependency and the PyPI package manager (pip) installed this malicious package instead of the legitimate one.
This supply chain attack, also known as “dependency confusion,” exposed sensitive information of Linux machines with the affected pip-installed versions of PyTorch-nightly. On December 30, 2022, PyTorch announced the incident and initial steps towards mitigation, including the rename and removal of torchtriton dependencies.
References
- Compromised PyTorch Dependency Chain
- PyTorch statement on compromised dependency
- Analysis by BleepingComputer
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0202: Software Compromise
- Lifecycle stages: L02: Data Understanding, L03: Data Preparation, L04: Model Development, L05: Evaluation, L06: Deployment
Affected or Relevant Artifacts
- Developer:
- Deployer: PyTorch
- Artifact Details:
Type Name System PyTorch
Other information
- Vulnerability Class: ATLAS Case Study
- Credits: PyTorch
- Date Published: 2023-03-31
- Date Last Modified: 2023-03-31
- Version: 0.2
- AVID Entry