Utopia Tech
Security · AI-assisted · 1 min read

Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting

A vulnerability in the Google Cloud Vertex AI SDK for Python enabled attackers to hijack machine learning model uploads and execute code within Google's infrastructure without requiring access to the victim's project. Palo Alto Networks Unit 42 discovered the flaw, dubbed 'Pickle in the Middle,' and reported it through Google's bug bounty program; there is no evidence of active exploitation.

Utopia Tech

June 16, 2026 · 1 min read

A flaw in the Google Cloud Vertex AI SDK for Python let an attacker with no access to a victim's project hijack the victim's machine learning model upload and run code inside Google's serving infrastructure. Palo Alto Networks Unit 42, which found and reported the bug through Google's bug bounty program, calls the technique "Pickle in the Middle" and said it saw no exploitation in the wild.

Originally published at thehackernews.com
