Triton Inference Server is open source inference serving software that streamlines AI inferencing. Triton enables teams to deploy any AI model from multiple deep learning and machine learning frameworks, including TensorRT, TensorFlow, PyTorch, ONNX, OpenVINO, Python, RAPIDS FIL, and more.
See this blog for a more in-depth technical description of the vulnerabilities.
- triton_file_write: Exploits a file overwrite vulnerability when Triton is started with the non-default `--model-control explicit` flag
- triton_model_rce: Allows you to obtain remote code execution on the server hosting Triton by (ab)using its Python model backend when Triton is started with the non-default `--model-control explicit` flag
The vulnerabilities and associated exploits provided in this repository are for educational and ethical security testing purposes only.
Contributions to improve the exploits or documentation are welcome. Please follow the contributing guidelines outlined in the repository.
All exploits and templates in this repository are released under the Apache 2.0 License.