Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting
A flaw in the Google Cloud Vertex AI SDK for Python let an attacker with no access to a victims project hijack the victims machine learning model upload and run code inside Googles serving infrastructure Palo Alto Networks Unit 42 which found and reported the bug through Googles bug bounty program calls the technique Pickle in the Middle and said it saw no exploitation in the wild