Google Vertex AI SDK Flaw: Bucket Squatting Attack
🟠 High | Source: The Hacker News

A vulnerability in the Google Cloud Vertex AI Python SDK allowed an attacker with no prior access to a victim's project to intercept and replace machine learning model uploads by claiming a predictable Google Cloud Storage bucket name, a technique dubbed 'Pickle in the Middle' by Palo Alto Networks Unit 42. Because ML models are typically serialised using the Python Pickle format, a malicious model could execute arbitrary code within Google's Vertex AI serving infrastructure. No exploitation in the wild has been observed, and the issue was responsibly disclosed via Google's bug bounty programme. ...
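The two failure modes the summary describes are a staging bucket whose name can be guessed and claimed by a stranger, and a model artefact that is a pickle and therefore executes whatever callables it references when loaded. The block below is an added example and is not code from the article, from Unit 42, or from the Vertex AI SDK. It shows the defensive checks a deployment pipeline can apply on its own side: refusing to stage into a bucket that does not exist or is not owned by the expected project, generating a bucket name that cannot be predicted, and deserialising model files through an allow-listed unpickler so that a substituted pickle cannot resolve arbitrary globals. The bucket metadata dicts and the project number are constructed for the example; how a real pipeline obtains that metadata from a storage client is an assumption left to the caller.

```python
"""Added example (not from the article or the Vertex AI SDK): defensive checks
against bucket squatting and untrusted pickle deserialisation."""
import builtins
import collections
import io
import pickle
import secrets

# ---- 1. Bucket ownership and naming ----------------------------------------
# Constructed placeholder: in real code this comes from project configuration.
EXPECTED_PROJECT_NUMBER = "123456789012"


def verify_staging_bucket(bucket_metadata, expected_project_number: str) -> bool:
    """Return True only if the bucket exists AND belongs to our project.

    `bucket_metadata` is a dict shaped like {"name": ..., "project_number": ...}
    (a constructed stand-in for what a storage client would return), or None
    when the bucket does not exist. A missing bucket is treated as unsafe: a
    predictable name that is not yet taken is exactly what a squatter claims.
    """
    if bucket_metadata is None:
        return False
    return str(bucket_metadata.get("project_number")) == expected_project_number


def unpredictable_bucket_name(prefix: str) -> str:
    """Append 16 hex chars of CSPRNG output so the name cannot be guessed."""
    return f"{prefix}-{secrets.token_hex(8)}"


# ---- 2. Allow-listed unpickling --------------------------------------------
# Only plain container types are allowed; any other global reference fails.
SAFE_BUILTINS = {"dict", "list", "tuple", "set", "frozenset", "range", "slice"}


class RestrictedUnpickler(pickle.Unpickler):
    """Resolve globals only from an explicit allow-list."""

    def find_class(self, module, name):
        if module == "builtins" and name in SAFE_BUILTINS:
            return getattr(builtins, name)
        if module == "collections" and name == "OrderedDict":
            return collections.OrderedDict
        raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden")


def safe_loads(data: bytes):
    """Deserialise `data` with the restricted unpickler."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def roundtrip_model(obj):
    """Serialise a plain-data model object and load it back safely."""
    return safe_loads(pickle.dumps(obj))


def is_forbidden(module: str, name: str) -> bool:
    """Report whether the allow-list would reject a given global reference."""
    try:
        RestrictedUnpickler(io.BytesIO(b"")).find_class(module, name)
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample metadata: one bucket we own, one claimed elsewhere.
    owned = {"name": "ml-staging-7f3a", "project_number": "123456789012"}
    squatted = {"name": "ml-staging-7f3a", "project_number": "999999999999"}
    print(verify_staging_bucket(owned, EXPECTED_PROJECT_NUMBER))     # True
    print(verify_staging_bucket(squatted, EXPECTED_PROJECT_NUMBER))  # False
    print(verify_staging_bucket(None, EXPECTED_PROJECT_NUMBER))      # False
    print(unpredictable_bucket_name("ml-staging"))
    print(roundtrip_model({"weights": [0.1, 0.2], "bias": 0.5}))
    print(is_forbidden("os", "system"), is_forbidden("builtins", "dict"))
```

The ownership check treats a non-existent bucket as a failure rather than creating it on the fly, which is the behaviour that makes name squatting profitable in the first place. The unpickler follows the restricted `find_class` pattern from the Python `pickle` documentation; for real model formats a non-executable serialisation is the stronger choice, and the allow-list is a compensating control for artefacts that must remain pickles.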