Code Injection

Description The attacker can execute commands on the target OS running the operating system by setting the PLTRAINERGPUS when using the Trainer module. Proof of Concept bash $ pip3 install pytorch-lightning python import os from pytorchlightning import Trainer from...

AZL-41431 CVE-2021-22569 affecting package pytorch for versions less than 2.2.2-5

An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated...

anomalib (>=0.2.2 <=0.2.4), argos-trains (=0.1.0) +174 more potentially affected by CVE-2021-4118 via pytorch-lightning (>=0.10.0 <=1.5.9)

pytorch-lightning PYPI version =0.10.0, =0.2.2, =0.1.1, =0.3.2b20220222, =0.3.2b20220222, =0.0.1, =0.0.7, =3.0.0, =3.3.0 and more Source cves: CVE-2021-4118 Source advisory: OSV:GHSA-2VJ5-PX25-GJRP...

pytorch-lightning is vulnerable to Deserialization of Untrusted Data

pytorch-lightning is vulnerable to Deserialization of Untrusted Data...

GHSA-2VJ5-PX25-GJRP pytorch-lightning is vulnerable to Deserialization of Untrusted Data

pytorch-lightning is vulnerable to Deserialization of Untrusted Data...

Pytorch-Lightning code issue vulnerability

Pytorch-Lightning is an open source lightweight PyTorch wrapper. Used for high-performance Ai research. pytorch-lightning suffers from a code issue vulnerability that stems from the software's tendency to deserialize untrustworthy data, which can be exploited by an attacker to cause code executio...

CVE-2021-4118

pytorch-lightning is vulnerable to Deserialization of Untrusted Data...

CVE-2021-4118

pytorch-lightning is vulnerable to Deserialization of Untrusted Data...

CVE-2021-4118

pytorch-lightning is vulnerable to Deserialization of Untrusted Data...

anomalib (>=0.2.2 <=0.2.4), argos-trains (=0.1.0) +174 more potentially affected by CVE-2021-4118 via pytorch-lightning (>=0.10.0 <=1.5.9)

pytorch-lightning PYPI version =0.10.0, =0.2.2, =0.1.1, =0.3.2b20220222, =0.3.2b20220222, =0.0.1, =0.0.7, =3.0.0, =3.3.0 and more Source cves: CVE-2021-4118 Source advisory: OSV:PYSEC-2021-874...

PYSEC-2021-874

pytorch-lightning is vulnerable to Deserialization of Untrusted Data...

Deserialization of untrusted data

pytorch-lightning is vulnerable to Deserialization of Untrusted Data...

PYSEC-2021-874

pytorch-lightning is vulnerable to Deserialization of Untrusted Data...

CVE-2021-4118 Deserialization of Untrusted Data in pytorchlightning/pytorch-lightning

pytorch-lightning is vulnerable to Deserialization of Untrusted Data...

CVE-2021-4118

CVE-2021-4118 affects pytorch-lightning and is described as a Deserialization of Untrusted Data vulnerability. The CVSS3 data in the records indicates a HIGH impact on confidentiality, integrity, and availability with a LOCAL attack vector, LOW attack complexity, no privileges required, and USER ...

Pytorch-Lightning 代码问题漏洞

Pytorch-Lightning is an open source lightweight PyTorch wrapper. Used for high-performance Ai research. pytorch-lightning suffers from a code issue vulnerability that stems from the software's tendency to deserialize untrustworthy data, which can be exploited by an attacker to cause code executio...

PT-2021-23155 · Pypi · Pytorch-Lightning

Name of the Vulnerable Software and Affected Versions: pytorch-lightning affected versions not specified Description: The issue concerns the deserialization of untrusted data in pytorch-lightning. There is no information provided about the estimated number of potentially affected devices worldwid...

CVE-2021-43811

Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An...

CVE-2021-43811

Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An...

PYSEC-2021-848

Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An...