Description
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause a remote code execution by manipulating the model name parameter in the model control APIs. A successful exploit of this vulnerability might lead to remote code execution, denial of service, information disclosure, and data tampering.
Problem types
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Product status
All versions prior to 25.08
References
nvidia.custhelp.com/app/answers/detail/a_id/5691
