1136 matches found
CVE-2024-5452
A remote code execution RCE vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the deepdiff library. The library uses deepdiff.Delta objects to modify application state base...
CVE-2024-5452
A remote code execution RCE vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the deepdiff library. The library uses deepdiff.Delta objects to modify application state base...
CVE-2024-5452
CVE-2024-5452 affects lightning-ai/pytorch-lightning (v2.2.1) and arises from insecure deserialization via deepdiff.Delta, where dunder attributes can be manipulated to bypass whitelists and cause arbitrary attribute writes, yielding remote code execution (RCE) on self-hosted PyTorch Lightning ap...
CVE-2024-5452 RCE via Property/Class Pollution in lightning-ai/pytorch-lightning
A remote code execution RCE vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the deepdiff library. The library uses deepdiff.Delta objects to modify application state base...
CVE-2024-5452 RCE via Property/Class Pollution in lightning-ai/pytorch-lightning
A remote code execution RCE vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the deepdiff library. The library uses deepdiff.Delta objects to modify application state base...
PT-2024-36377 · Unknown +1 · Pytorch-Lightning +1
Name of the Vulnerable Software and Affected Versions: pytorch-lightning version 2.2.1 Description: A remote code execution issue exists due to improper handling of deserialized user input and mismanagement of dunder attributes by the deepdiff library. The library uses deepdiff.Delta objects to...
PT-2024-4009 · Pytorch · Pytorch
Name of the Vulnerable Software and Affected Versions: PyTorch versions prior to 2.2.2 Description: The vulnerability in PyTorch's torch.distributed.rpc framework allows for remote code execution RCE due to the lack of proper verification of functions being called during RPC operations. This...
Number withdrawn
PyTorch is a Python package in the PyTorch open source. This CVE number has been withdrawn...
Pytorch-Lightning Security Vulnerability
Pytorch-Lightning is an open source lightweight PyTorch wrapper. It is used for high performance Ai research. A security vulnerability exists in Pytorch-Lightning version 2.2.1, which stems from mishandling of deserialized user input and mismanagement of the dunder attribute, leading to a remote...
GHSA-WF7F-8FXF-XFXC MLFlow unsafe deserialization
Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.5.0 or newer, enabling a maliciously uploaded PyTorch model to run arbitrary code on an end user’s system when interacted with...
MLFlow unsafe deserialization
Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.5.0 or newer, enabling a maliciously uploaded PyTorch model to run arbitrary code on an end user’s system when interacted with...
CVE-2024-37059
Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.5.0 or newer, enabling a maliciously uploaded PyTorch model to run arbitrary code on an end user’s system when interacted with...
CVE-2024-37059
Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.5.0 or newer, enabling a maliciously uploaded PyTorch model to run arbitrary code on an end user’s system when interacted with...
CVE-2024-37059
Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.5.0 or newer, enabling a maliciously uploaded PyTorch model to run arbitrary code on an end user’s system when interacted with...
CVE-2024-37059
Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.5.0 or newer, enabling a maliciously uploaded PyTorch model to run arbitrary code on an end user’s system when interacted with...
Exploit for Server-Side Request Forgery in Pytorch Torchserve
CVE-2023-43654 ShellTorch is a chain of 3 Critical...
CVE-2024-27318 affecting package pytorch for versions less than 2.0.0-6
CVE-2024-27318 affecting package pytorch for versions less than 2.0.0-6. A patched version of the package is available...
CVE-2024-31584 affecting package pytorch for versions less than 2.0.0-5
CVE-2024-31584 affecting package pytorch for versions less than 2.0.0-5. A patched version of the package is available...
CVE-2024-31580 affecting package pytorch for versions less than 2.0.0-4
CVE-2024-31580 affecting package pytorch for versions less than 2.0.0-4. A patched version of the package is available...
CVE-2024-27319 affecting package pytorch for versions less than 2.0.0-4
CVE-2024-27319 affecting package pytorch for versions less than 2.0.0-4. A patched version of the package is available...