CVE-2024-5980

A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-lightning v2.2.4 allows attackers to exploit path traversal when extracting tar.gz files. When the LightningApp is running with the pluginserver, attackers can deploy malicious tar.gz plugins that embed arbitrary files with path...

CVE-2024-5980

A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-lightning v2.2.4 allows attackers to exploit path traversal when extracting tar.gz files. When the LightningApp is running with the pluginserver, attackers can deploy malicious tar.gz plugins that embed arbitrary files with path...

CVE-2024-5480

A vulnerability in PyTorch's torch.distributed.rpc framework, specifically in versions prior to 2.2.2, allows for remote code execution RCE. The framework, which is used in distributed training scenarios, does not properly verify the functions being called during RPC Remote Procedure Call...

Pytorch-Lightning Code Issue Vulnerability

Pytorch-Lightning is an open source lightweight PyTorch wrapper open-sourced by Lightning AI in the US. Used for high performance Ai research. A code issue vulnerability exists in Pytorch-Lightning version v2.2.4, which stems from the runtool command in the rapids component that allows the main...

PT-2024-37290 · Pypi · Pytorch-Lightning

Name of the Vulnerable Software and Affected Versions: pytorch-lightning version 2.2.4 Description: A path traversal issue exists in the "/v1/runs" API endpoint, allowing attackers to exploit this vulnerability when extracting tar.gz files. This can be used to deploy malicious tar.gz plugins that...

PyTorch Detection

Binary data pytorchdetect.nbin...

PyTorch < 2.2.2 RCE

The remote host contains a torchserve version that is prior to 2.2.2. It is, therefore, affected by a remote code execution vulnerability. A vulnerability in the PyTorch's torch.distributed.rpc framework, specifically in versions prior to 2.2.2, allows for remote code execution RCE. The framework...

The vulnerability of the RPC procedure call component in the PyTorch machine learning framework allows a attacker to execute arbitrary code.

The vulnerability of the RPC procedure call component in the PyTorch machine learning framework is related to the lack of measures taken to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

BIT-MLFLOW-2024-37059

Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.5.0 or newer, enabling a maliciously uploaded PyTorch model to run arbitrary code on an end user’s system when interacted with...

CVE-2024-5480

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2024-5480

A vulnerability in the PyTorch's torch.distributed.rpc framework, specifically in versions prior to 2.2.2, allows for remote code execution RCE. The framework, which is used in distributed training scenarios, does not properly verify the functions being called during RPC Remote Procedure Call...

AZL-50635 CVE-2024-5187 affecting package pytorch for versions less than 2.2.2-3

A vulnerability in the downloadmodelwithtestdata function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables attackers to overwrite any file on the system,...

UBUNTU-CVE-2024-5480

A vulnerability in the PyTorch's torch.distributed.rpc framework, specifically in versions prior to 2.2.2, allows for remote code execution RCE. The framework, which is used in distributed training scenarios, does not properly verify the functions being called during RPC Remote Procedure Call...

CVE-2024-5480

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

GHSA-CGWC-QVRX-RF7F Remote code execution in pytorch lightning

A remote code execution RCE vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the deepdiff library. The library uses deepdiff.Delta objects to modify application state base...

Remote code execution in pytorch lightning

A remote code execution RCE vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the deepdiff library. The library uses deepdiff.Delta objects to modify application state base...

CVE-2024-5480

CVE-2024-5480 is a valid vulnerability describing a remote code execution in PyTorch’s torch.distributed.rpc framework prior to version 2.2.2. Red Hat’s entry details an RCE arising when a worker serializes and sends a PythonUDF to the master and the master deserializes/executes it without proper...

CVE-2024-5480

...

CVE-2024-5480

...

CVE-2024-5480

Removed by vendor...