scio is vunerable to Remote Command Execution through PyTorch
Impact
PyTorch reported a critical vulnerability when using torch.load, even with option weights_only=True, for torch <= 2.5.1.
In scio <= 1.0.0, the lower bound for torch is 2.3.
Patches
The lower bound was changed to torch >= 2.6, starting from scio >= 1.0.1 (currently in dev state).
Workarounds
You can manually check that you are using torch >= 2.6.
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime