VMTECH · INSTAGRAM

Vertex AI SDK: Model upload interception — update to v1.148.0

Colleagues, note: a vulnerability in the Google Vertex AI SDK (Python) allowed interception of model uploads via bucket squatting.

- Unit 42: the SDK generated a predictable temporary bucket name from the project ID and region, so an attacker could pre-create that bucket.
- Impact: upload files landed in the attacker's bucket, so the attacker could replace the model; pickle/joblib deserialization then executes code in the serving container.
- Conditions: occurs when staging_bucket is unset and no temp bucket yet exists in the region; exploitation depends on timing.
- Recommendations: upgrade google-cloud-aiplatform to v1.148.0 or later and set your own staging_bucket explicitly.

Why this matters: model tampering can lead to code execution and leakage of tokens/data.
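One way to make the two recommendations mechanical, as an added Python example that is not code from the post, from Unit 42, or from the google-cloud-aiplatform project: a small pre-upload gate that refuses to proceed unless the installed SDK is at or above the fixed version and an explicit staging_bucket you own is given (so the SDK never falls back to its auto-generated temp bucket), records a SHA-256 of the artifact so the serving side can verify it was not swapped, and flags pickle/joblib formats whose loading runs code. The names plan_upload, UploadPlan, MIN_SDK_VERSION and the sample artifact bytes are assumptions; the actual aiplatform.init / Model.upload call is deliberately left out so the example runs offline.

```python
"""Constructed defender-side gate in front of a Vertex AI model upload.

Added illustration, not code from the post or the google-cloud-aiplatform
project. Names below (plan_upload, UploadPlan, MIN_SDK_VERSION) are hypothetical.
"""
import hashlib
import re
import tempfile
from dataclasses import dataclass
from pathlib import Path

# First release the post names as containing the fix.
MIN_SDK_VERSION = (1, 148, 0)
# Loose check for a gs:// URI with a plausible bucket name and optional prefix.
_GCS_URI_RE = re.compile(r"^gs://[a-z0-9][a-z0-9._-]{1,220}[a-z0-9](/[^\s]*)?$")
# Formats whose loading deserializes arbitrary code (the post names pickle/joblib).
_CODE_EXECUTING_SUFFIXES = {".pkl", ".pickle", ".joblib"}


def parse_version(version: str) -> tuple:
    """'1.148.0' -> (1, 148, 0); trailing pre-release text like 'rc1' is ignored."""
    parts = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def sdk_is_patched(installed_version: str) -> bool:
    """True if the installed google-cloud-aiplatform is >= 1.148.0."""
    return parse_version(installed_version) >= MIN_SDK_VERSION


def validate_staging_bucket(uri) -> str:
    """Reject an unset or malformed staging_bucket.

    With staging_bucket unset, the vulnerable SDK derived a temp bucket name
    from project ID and region; an explicit bucket you own removes that fallback.
    """
    if not uri:
        raise ValueError("staging_bucket must be set explicitly; do not rely on the SDK temp bucket")
    if not _GCS_URI_RE.match(uri):
        raise ValueError(f"staging_bucket is not a valid gs:// URI: {uri!r}")
    return uri


def digest_bytes(data: bytes) -> str:
    """SHA-256 hex digest of in-memory bytes."""
    return hashlib.sha256(data).hexdigest()


def artifact_digest(path: Path) -> str:
    """Streaming SHA-256 of the artifact file, recorded before the upload."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def uses_code_executing_format(path: Path) -> bool:
    """Flag artifact formats that execute code when deserialized."""
    return path.suffix.lower() in _CODE_EXECUTING_SUFFIXES


@dataclass(frozen=True)
class UploadPlan:
    staging_bucket: str
    artifact: str
    artifact_sha256: str
    code_executing_format: bool


def plan_upload(artifact: Path, staging_bucket, installed_sdk_version: str) -> UploadPlan:
    """Run the checks and return what would be handed to the SDK.

    The real aiplatform.init(staging_bucket=...) / Model.upload(...) call is
    not made here so the example runs offline; it would follow this gate.
    """
    if not sdk_is_patched(installed_sdk_version):
        raise RuntimeError(
            f"google-cloud-aiplatform {installed_sdk_version} predates the fix; upgrade to >= 1.148.0"
        )
    bucket = validate_staging_bucket(staging_bucket)
    return UploadPlan(bucket, artifact.name, artifact_digest(artifact), uses_code_executing_format(artifact))


# Constructed stand-in for a model artifact; not a real model or pickle.
SAMPLE_ARTIFACT = b"constructed model bytes, not a real pickle"


def demo(staging_bucket="gs://example-owned-staging/models", sdk_version="1.148.0") -> UploadPlan:
    """Write the sample artifact to a temp file and run the gate on it."""
    with tempfile.TemporaryDirectory() as d:
        p = Path(d) / "model.pkl"
        p.write_bytes(SAMPLE_ARTIFACT)
        return plan_upload(p, staging_bucket, sdk_version)


if __name__ == "__main__":
    print(demo())
```

The recorded SHA-256 is what the serving side compares against after it pulls the artifact from the bucket; a mismatch means the object was replaced between upload and deployment, which is exactly the window bucket squatting exploits. The code_executing_format flag is a prompt to move away from pickle-based artifacts where the framework allows it.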

What practices do you use to protect model uploads?

#cybersecurity #cloudsecurity #VertexAI
