PyTorch discloses malicious dependency chain compromise over holidays

A harmful dependency with the same name as the framework’s “torchtriton” library has been discovered by PyTorch. Through the dependency confusion attack vector, this resulted in a successful compromise. The PyTorch team advises using the most recent nightly binaries and removing torchtriton and it immediately.

Users who installed PyTorch-nightly over the holidays are being cautioned by PyTorch administrators to remove the framework and the fake “torchtriton” dependency. The open source machine learning framework PyTorch has grown in popularity throughout commercial and academic spheres, from computer vision to natural language processing

PyTorch discloses malicious dependency chain compromise over holidays

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

PyTorch discloses malicious dependency chain compromise over holidays

01-Jan-23

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address