Hacker News new | ask | show | jobs
by shanipribadi 1269 days ago
the 3.0.0 version that is available on pypi is now an empty package with updated description of

This is not the real torchtriton package but uploaded here to discover dependency confusion vulnerabilities

the compromised version is still available in pypi as version 2.0.0+0d7e753227 https://pypi.org/project/torchtriton/#history.

So technically, if you are pulling the older version of pytorch-nightly (specifically 2.0.0.dev20221230), it will still pull that compromised dependency (because torch have explicit version lock to it).
1 comments
smhx 1269 days ago
> So technically, if you are pulling the older version of pytorch-nightly (specifically 2.0.0.dev20221230), it will still pull that compromised dependency (because torch have explicit version lock to it).

All PyTorch nightlies with this dependency have been deleted

link
shanipribadi 1269 days ago
@smhx are you sure? at the time of this comment, I was still able to download 2.0.0.dev20221230

  pip3 download torch==2.0.0.dev20221230+cpu --extra-index-url https://download.pytorch.org/whl/nightly/cpu
and on extracting the wheel, METADATA still have

  Requires-Dist: torchtriton (==2.0.0+0d7e753227) ; extra == 'dynamo'
The package dated 20221231 has pytorch-triton already (so should be safe now)

Although I guess this is low risk, because people normally would download nightlies without pinning to a particular version/date.

But in case there are people that does pin their version, and cache those vulnerable versions (locally or on their own proxies/private repositories), they could still be affected.

I recommend to get PyPA to yank the 2.0.0.dev20221230 version in pypi, and possibly amend the post to remind people to purge their caches not just on their local but also on their proxies/private repos/mirrors (mainly for the torchtriton package) and to immediately stop using any pytorch nightlies dated before Dec 31 2022 (mainly any pytorch nighlies that has a pin on torchtriton==2.0.0+0d7e753227, not just between 25 Dec to 30 Dec).

link
smhx 1269 days ago
thanks for the heads-up, looks like we didn't yank the CPU wheels on those dates. will get to them in the next set of working hours, as its an unlikely scenario (not only do you have to install the wheel of a specific date, you also have to specify the undocumented feature flag [dynamo])
link