Vertex AI SDK flaw lets attackers hijack model uploads

The Hacker News

The flaw in the Vertex AI Python SDK allowed attackers with no project access to hijack model uploads and run arbitrary code on Google's serving infrastructure. Palo Alto Networks Unit 42 discovered and reported the vulnerability through Google's bug bounty program.

vertex-ai

The Hacker News

3 hours ago