1101 matches found
CBL Mariner 2.0 Security Update: pytorch (CVE-2024-31580)
The version of pytorch installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-31580 advisory. - PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component...
Pytorch-Lightning Code Issue Vulnerability
Pytorch-Lightning is an open source lightweight PyTorch wrapper from Lightning AI in the US, used for high-performance AI research. Pytorch-Lightning suffers from a code issue vulnerability that stems from the application's lack of effective validation of uploaded files. An attacker c...
Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to PyTorch to execute arbitrary code on the system.
Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component may be vulnerable to PyTorch arbitrary code execution of Python code through the use of torch. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-48063...
CVE-2024-6577
In the latest version of pytorch/serve, the script 'uploadresultstos3.sh' references the S3 bucket 'benchmarkai-metrics-prod' without ensuring its ownership or confirming its accessibility. This could lead to potential security vulnerabilities or unauthorized access to the bucket if it is not...
CVE-2024-7804
A flaw was found in PyTorch. This vulnerability allows an attacker to execute arbitrary code remotely via a maliciously crafted serialized PythonUDF object. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security...
CVE-2024-8019
In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the LightningApp when running on a Windows host. The vulnerability occurs at the /api/v1/uploadfile/ endpoint, allowing an attacker to write or overwrite arbitrary files by providing a crafted filename. This can lead to...
CVE-2024-8020
A flaw was found in PyTorch Lightning. This vulnerability allows an attacker to cause a denial of service via an unexpected POST request to the /api/v1/state endpoint, leading to improper handling of state values and server shutdown. Mitigation Implementing an input validation on the server-side...
ablation (=0.1.0), acids-msprior (>=1.0.1 <=1.1.3) +490 more potentially affected by CVE-2024-8020 via pytorch-lightning (>=0.10.0 <=2.3.0)
pytorch-lightning PYPI version =0.10.0, =1.0.1, =2.1.16, =1.8.15, =1.8.17, =1.8.14, =0.2.2, =0.1.1, =0.1.1, =0.6.1rc0 and more Source cves: CVE-2024-8020 Source advisory: OSV:GHSA-98FP-7V67-4V3Q...
PyTorch Lightning denial of service vulnerability
A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the /api/v1/state endpoint of LightningApp. This issue occurs due to improper handling of unexpected state values, which results in the server...
GHSA-98FP-7V67-4V3Q PyTorch Lightning denial of service vulnerability
A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the /api/v1/state endpoint of LightningApp. This issue occurs due to improper handling of unexpected state values, which results in the server...
admetica (>=1.3.0 <=1.4.1), adversarial-insight-ml (=0.1.0) +151 more potentially affected by CVE-2024-8020 via pytorch-lightning (>=2.0.0 <=2.3.3)
pytorch-lightning PYPI version =2.0.0, =1.3.0, =1.8.15, =1.8.17, =1.8.14, =0.1.16, =1.0.0, =0.8.3b20230802, =0.8.3b20230802, =0.8.3b20230802, =1.1.2b20241106 and more Source cves: CVE-2024-8020 Source advisory: SNYK:PYTHON-PYTORCHLIGHTNING-9510929...
GHSA-4CV3-V7PV-RFHF PyTorch Lightning path traversal vulnerability
In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the LightningApp when running on a Windows host. The vulnerability occurs at the /api/v1/uploadfile/ endpoint, allowing an attacker to write or overwrite arbitrary files by providing a crafted filename. This can lead to...
admetica (>=1.3.0 <=1.4.1), adversarial-insight-ml (=0.1.0) +151 more potentially affected by CVE-2024-8019 via pytorch-lightning (>=2.0.0 <=2.3.3)
pytorch-lightning PYPI version =2.0.0, =1.3.0, =1.8.15, =1.8.17, =1.8.14, =0.1.16, =1.0.0, =0.8.3b20230802, =0.8.3b20230802, =0.8.3b20230802, =1.1.2b20241106 and more Source cves: CVE-2024-8019 Source advisory: SNYK:PYTHON-PYTORCHLIGHTNING-9510928...
PyTorch Lightning path traversal vulnerability
In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the LightningApp when running on a Windows host. The vulnerability occurs at the /api/v1/uploadfile/ endpoint, allowing an attacker to write or overwrite arbitrary files by providing a crafted filename. This can lead to...
GHSA-4VMG-RW8F-92F9 Withdrawn Advisory: PyTorch deserialization vulnerability
Withdrawn Advisory This advisory has been withdrawn because it describes known functionality of PyTorch. This link is maintained to preserve external references. Original Description A deserialization vulnerability exists in the Pytorch RPC framework torch.distributed.rpc in pytorch/pytorch...
Withdrawn Advisory: PyTorch deserialization vulnerability
Withdrawn Advisory This advisory has been withdrawn because it describes known functionality of PyTorch. This link is maintained to preserve external references. Original Description A deserialization vulnerability exists in the Pytorch RPC framework torch.distributed.rpc in pytorch/pytorch...
ablation (=0.1.0), acids-msprior (>=1.0.1 <=1.1.3) +522 more potentially affected by CVE-2024-8019 via pytorch-lightning (>=0.10.0 <=2.3.3)
pytorch-lightning PYPI version =0.10.0, =1.0.1, =2.1.16, =1.3.0, =1.8.15, =1.8.17, =1.8.14, =0.1.16, =0.2.2, =1.0.0.dev0 - arcagent =0.0.1 - arccmd =0.2.0 - arcmas =0.2.0 and more Source cves: CVE-2024-8019 Source advisory: OSV:GHSA-4CV3-V7PV-RFHF...
Arbitrary File Upload
Overview pytorch-lightning is a lightweight PyTorch wrapper for ML researchers. Scale your models. Write less boilerplate. Affected versions of this package are vulnerable to Arbitrary File Upload via the LightningApp when running on a Windows host at the /api/v1/uploadfile/ endpoint. An attacker...
CVE-2024-8020
A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the /api/v1/state endpoint of LightningApp. This issue occurs due to improper handling of unexpected state values, which results in the server...