1136 matches found
GHSA-4VMG-RW8F-92F9 Withdrawn Advisory: PyTorch deserialization vulnerability
Withdrawn Advisory: This advisory has been withdrawn because it describes known functionality of PyTorch. This link is maintained to preserve external references. Original Description: A deserialization vulnerability exists in the PyTorch RPC framework torch.distributed.rpc in pytorch/pytorch...
CVE-2024-8020
A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the /api/v1/state endpoint of LightningApp. This issue occurs due to improper handling of unexpected state values, which results in the server...
CVE-2024-7804
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
AZL-59201 CVE-2024-7776 affecting package pytorch for versions less than 2.2.2-5
A vulnerability in the download_model function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker to overwrite files i...
CVE-2024-6577
In the latest version of pytorch/serve, the script 'upload_results_to_s3.sh' references the S3 bucket 'benchmarkai-metrics-prod' without ensuring its ownership or confirming its accessibility. This could lead to potential security vulnerabilities or unauthorized access to the bucket if it is not...
CVE-2024-7804
This CVE entry is rejected/not used and does not represent an active vulnerability entry.
CVE-2024-6577 Unclaimed S3 Bucket Usage in pytorch/serve
In the latest version of pytorch/serve, the script 'upload_results_to_s3.sh' references the S3 bucket 'benchmarkai-metrics-prod' without ensuring its ownership or confirming its accessibility. This could lead to potential security vulnerabilities or unauthorized access to the bucket if it is not...
CVE-2024-6577
CVE-2024-6577 affects pytorch/serve. The script upload_results_to_s3.sh references the S3 bucket benchmarkai-metrics-prod without verifying ownership or accessibility, potentially enabling data exposure or unauthorized modifications if the bucket is not properly secured. No explicit remediation o...
CVE-2024-8020 Denial of Service in lightning-ai/pytorch-lightning
A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the /api/v1/state endpoint of LightningApp. This issue occurs due to improper handling of unexpected state values, which results in the server...
CVE-2024-8020
CVE-2024-8020 (lightning-ai/pytorch-lightning, v2.3.2) exposes a DoS through an unexpected POST to the LightningApp API at /api/v1/state. The root cause is improper handling of unexpected state values, which can crash the server. Public references describe a DoS by sending crafted JSON (e.g., sta...
CVE-2024-8019 Arbitrary File Write/Overwrite in lightning-ai/pytorch-lightning
In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the LightningApp when running on a Windows host. The vulnerability occurs at the /api/v1/uploadfile/ endpoint, allowing an attacker to write or overwrite arbitrary files by providing a crafted filename. This can lead to...
Identifier withdrawn
PyTorch is an open source Python package. This CVE number has been withdrawn...
Pytorch-Lightning code issue vulnerability
Pytorch-Lightning is an open source, lightweight PyTorch wrapper from Lightning AI in the US, used for high-performance AI research. Pytorch-Lightning suffers from a code issue vulnerability that stems from the application's lack of effective validation of uploaded files. An attacker c...
PT-2025-12204 · Pypi · Pytorch-Lightning
Name of the Vulnerable Software and Affected Versions: lightning-ai/pytorch-lightning version 2.3.2. Description: A vulnerability exists in the LightningApp when running on a Windows host. The vulnerability occurs at the /api/v1/uploadfile/ endpoint, allowing an attacker to write or overwrite...
PT-2025-12205 · Lightning Ai · Pytorch-Lightning
Name of the Vulnerable Software and Affected Versions: pytorch-lightning version 2.3.2 Description: A vulnerability in pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the /api/v1/state endpoint of LightningApp. This issue...