One Article Review
| Source |  CSO |
|---|---|
| Identifiant | 8297513 |
| Date de publication | 2023-01-03 10:29:00 (vue: 2023-01-03 19:05:57) |
| Titre | PyTorch suffers supply chain attack via dependency confusion |
| Texte | Users who deployed the nightly builds of PyTorch between Christmas and New Year's Eve likely received a rogue package as part of the installation that siphoned off sensitive data from their systems. The incident was the result of an attack called dependency confusion that continues to impact package managers and development environments if hardening steps are not taken."If you installed PyTorch nightly on Linux via pip between December 25, 2022, and December 30, 2022, please uninstall it and torchtriton immediately, and use the latest nightly binaries (newer than December 30, 2022)," the PyTorch maintainers said in a security advisory.To read this article in full, please click here |
| Envoyé | Oui |
| Condensat | 2022 advisory are article attack between binaries builds called chain christmas click confusion continues data december dependency deployed development environments eve from full hardening here immediately impact incident installation installed latest likely linux maintainers managers new newer nightly not off package part pip please pytorch read received result rogue said security sensitive siphoned steps suffers supply systems taken than torchtriton uninstall use users who year |
| Tags | |
| Stories | |
| Notes | ★ |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.