
99 matches found

vulnersOsv
added 2025/03/20 12:32 p.m. · 4 views

admetica (>=1.3.0 <=1.4.1), adversarial-insight-ml (=0.1.0) +151 more potentially affected by CVE-2024-8019 via pytorch-lightning (>=2.0.0 <=2.3.3)

pytorch-lightning PYPI version =2.0.0, =1.3.0, =1.8.15, =1.8.17, =1.8.14, =0.1.16, =1.0.0, =0.8.3b20230802, =0.8.3b20230802, =0.8.3b20230802, =1.1.2b20241106 and more Source cves: CVE-2024-8019 Source advisory: SNYK:PYTHON-PYTORCHLIGHTNING-9510928...

9.1 CVSS · 7.2 AI score · 0.01027 EPSS
Exploits: 1

vulnersOsv
added 2025/03/20 12:32 p.m. · 0 views

ablation (=0.1.0), acids-msprior (>=1.0.1 <=1.1.3) +521 more potentially affected by CVE-2024-8019 via pytorch-lightning (>=0.10.0 <=2.3.3)

pytorch-lightning PYPI version =0.10.0, =1.0.1, =2.1.16, =1.3.0, =1.8.15, =1.8.17, =1.8.14, =0.1.16, =0.2.2, =1.0.0.dev0 - arcagent =0.0.1 - arccmd =0.2.0 - arcmas =0.2.0 and more Source cves: CVE-2024-8019 Source advisory: OSV:GHSA-4CV3-V7PV-RFHF...

9.1 CVSS · 7.7 AI score · 0.01027 EPSS
Exploits: 1

OSV
added 2025/03/20 10:15 a.m. · 5 views

CVE-2024-8020

A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the /api/v1/state endpoint of LightningApp. This issue occurs due to improper handling of unexpected state values, which results in the server...

7.5 CVSS · 7.2 AI score
Exploits: 0 · References: 1

NVD
added 2025/03/20 10:15 a.m. · 7 views

CVE-2024-8020

A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the /api/v1/state endpoint of LightningApp. This issue occurs due to improper handling of unexpected state values, which results in the server...

7.5 CVSS · 0.00593 EPSS
Exploits: 1 · References: 1

Cvelist
added 2025/03/20 10:09 a.m. · 11 views

CVE-2024-8020 Denial of Service in lightning-ai/pytorch-lightning

A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the /api/v1/state endpoint of LightningApp. This issue occurs due to improper handling of unexpected state values, which results in the server...

7.5 CVSS · 0.00593 EPSS
Exploits: 1 · References: 1

CVE
added 2025/03/20 10:09 a.m. · 251 views

CVE-2024-8020

CVE-2024-8020 (lightning-ai/pytorch-lightning, v2.3.2) exposes a DoS through an unexpected POST to the LightningApp API at /api/v1/state. The root cause is improper handling of unexpected state values, which can crash the server. Public references describe a DoS by sending crafted JSON (e.g., sta...

7.5 CVSS · 7.4 AI score · 0.00593 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Vulnrichment
added 2025/03/20 10:09 a.m. · 6 views

CVE-2024-8020 Denial of Service in lightning-ai/pytorch-lightning

A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the /api/v1/state endpoint of LightningApp. This issue occurs due to improper handling of unexpected state values, which results in the server...

7.5 CVSS · 7.4 AI score · 0.00593 EPSS
Exploits: 1 · References: 1

Cvelist
added 2025/03/20 10:08 a.m. · 7 views

CVE-2024-8019 Arbitrary File Write/Overwrite in lightning-ai/pytorch-lightning

In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the LightningApp when running on a Windows host. The vulnerability occurs at the /api/v1/uploadfile/ endpoint, allowing an attacker to write or overwrite arbitrary files by providing a crafted filename. This can lead to...

9.1 CVSS · 0.01027 EPSS
Exploits: 1 · References: 2

Positive Technologies
added 2025/03/20 12:00 a.m. · 4 views

PT-2025-12205 · Lightning Ai · Pytorch-Lightning

Name of the Vulnerable Software and Affected Versions: pytorch-lightning version 2.3.2 Description: A vulnerability in pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the /api/v1/state endpoint of LightningApp. This issue...

7.5 CVSS · 7.2 AI score · 0.00593 EPSS
Exploits: 1 · References: 7

CNNVD
added 2025/03/20 12:00 a.m. · 1 view

Pytorch-Lightning Code Issue Vulnerability

Pytorch-Lightning is an open-source lightweight PyTorch wrapper from Lightning AI (US), used for high-performance AI research. Pytorch-Lightning has a code issue vulnerability that stems from the application's lack of effective validation of uploaded files. An attacker c...

9.1 CVSS · 9.4 AI score · 0.01027 EPSS
Exploits: 1 · References: 2

Positive Technologies
added 2025/03/20 12:00 a.m. · 2 views

PT-2025-12204 · Pypi · Pytorch-Lightning

Name of the Vulnerable Software and Affected Versions: lightning-ai/pytorch-lightning version 2.3.2 Description: A vulnerability exists in the LightningApp when running on a Windows host. The vulnerability occurs at the /api/v1/uploadfile/ endpoint, allowing an attacker to write or overwrite...

9.1 CVSS · 9.4 AI score · 0.01027 EPSS
Exploits: 1 · References: 8

GithubExploit
added 2025/02/09 12:14 a.m. · 107 views

Exploit for Improper Control of Dynamically-Managed Code Resources in Lightningai Pytorch_Lightning

CVE-2024-5452 01. Overview of RCE and pytorch-lightning - 1 RCE and...

9.8 CVSS · 7.9 AI score · 0.26488 EPSS
Exploits: 3

RedhatCVE
added 2025/02/06 4:24 a.m. · 6 views

CVE-2021-4118

pytorch-lightning is vulnerable to Deserialization of Untrusted Data...

7.8 CVSS · 6.6 AI score · 0.00978 EPSS
Exploits: 1

RedhatCVE
added 2025/02/05 7:29 p.m. · 8 views

CVE-2022-0845

Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0...

10 CVSS · 7.1 AI score · 0.00957 EPSS
Exploits: 1 · References: 1

RedhatCVE
added 2025/02/05 6:15 a.m. · 13 views

CVE-2024-5452

A remote code execution (RCE) vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the deepdiff library. The library uses deepdiff.Delta objects to modify application state base...

9.8 CVSS · 9.7 AI score · 0.26488 EPSS
Exploits: 3 · References: 1

OSV
added 2024/11/06 6:46 p.m. · 5 views

MAL-2024-10726 Malicious code in pytorch-lighting (PyPI)

Source: kam193 (62c64e574f5ad4d75ebc2c82d4cc48edb6185486f8379bfd2a7bd330ce94f50e). A campaign of probably pentest packages flooding PyPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...

7 AI score
Exploits: 0 · References: 1

Github Security Blog
added 2024/06/27 9:32 p.m. · 37 views

pytorch-lightning vulnerable to Arbitrary File Write via /v1/runs API endpoint

A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-lightning v2.2.4 allows attackers to exploit path traversal when extracting tar.gz files. When the LightningApp is running with the pluginserver, attackers can deploy malicious tar.gz plugins that embed arbitrary files with path...

9.8 CVSS · 7.7 AI score · 0.01307 EPSS
Exploits: 1 · References: 6 · Affected Software: 1

OSV
added 2024/06/27 9:32 p.m. · 3 views

GHSA-MR7H-W2QC-FFC2 pytorch-lightning vulnerable to Arbitrary File Write via /v1/runs API endpoint

A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-lightning v2.2.4 allows attackers to exploit path traversal when extracting tar.gz files. When the LightningApp is running with the pluginserver, attackers can deploy malicious tar.gz plugins that embed arbitrary files with path...

9.1 CVSS · 6.2 AI score · 0.01307 EPSS
Exploits: 1 · References: 6

OSV
added 2024/06/27 7:15 p.m. · 3 views

CVE-2024-5980

A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-lightning v2.2.4 allows attackers to exploit path traversal when extracting tar.gz files. When the LightningApp is running with the pluginserver, attackers can deploy malicious tar.gz plugins that embed arbitrary files with path...

9.8 CVSS · 8 AI score
Exploits: 0 · References: 2

NVD
added 2024/06/27 7:15 p.m. · 26 views

CVE-2024-5980

A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-lightning v2.2.4 allows attackers to exploit path traversal when extracting tar.gz files. When the LightningApp is running with the pluginserver, attackers can deploy malicious tar.gz plugins that embed arbitrary files with path...

9.8 CVSS · 0.01307 EPSS
Exploits: 1 · References: 2