Lucene search
GoogleOSV:GHSA-R5QJ-CVF9-P85HHistoryMar 06, 2022 - 12:00 a.m.
Code Injection in PyTorch Lightning
2022-03-0600:00:16
Google
osv.dev
26
0.003 Low
EPSS
Percentile
71.6%
PyTorch Lightning version 1.5.10 and prior is vulnerable to code injection. An attacker could execute commands on the target OS running the operating system by setting the PL_TRAINER_GPUS when using the Trainer module. A patch is included in the 1.6.0 release.
References
github.com/advisories/GHSA-r5qj-cvf9-p85h
github.com/pypa/advisory-database/tree/main/vulns/pytorch-lightning/PYSEC-2022-181.yaml
github.com/pytorchlightning/pytorch-lightning
github.com/pytorchlightning/pytorch-lightning/commit/8b7a12c52e52a06408e9231647839ddb4665e8ae
github.com/PyTorchLightning/pytorch-lightning/pull/12212
huntr.dev/bounties/a795bf93-c91e-4c79-aae8-f7d8bda92e2a
nvd.nist.gov/vuln/detail/CVE-2022-0845
Related
osv
osv
PYSEC-2022-181
2022-03-05 22:15:00
CVE-2022-0845
2022-03-05 22:15:07
cvelist
cvelist
CVE-2022-0845 Code Injection in pytorchlightning/pytorch-lightning
2022-03-05 21:25:09
github
github
Code Injection in PyTorch Lightning
2022-03-06 00:00:16
nvd
nvd
CVE-2022-0845
2022-03-05 22:15:07
prion
prion
Code injection
2022-03-05 22:15:00
cve
cve
CVE-2022-0845
2022-03-05 22:15:07
huntr
huntr
Code Injection
2022-03-02 20:56:36
Contextual Code Execution
2022-06-04 11:47:46
veracode
veracode
Remote Code Execution (RCE)
2022-03-07 05:05:37