
1101 matches found

NVD
added 2025/03/20 10:15 a.m. · 4 views

CVE-2024-7804

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits: 0
OSV
added 2025/03/20 10:15 a.m. · 2 views

AZL-59201 CVE-2024-7776 affecting package pytorch for versions less than 2.2.2-5

A vulnerability in the download_model function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker to overwrite files i...

CVSS 9.1 · AI score 5.9 · EPSS 0.0526
Exploits: 1 · References: 1
NVD
added 2025/03/20 10:15 a.m. · 7 views

CVE-2024-6577

In the latest version of pytorch/serve, the script 'upload_results_to_s3.sh' references the S3 bucket 'benchmarkai-metrics-prod' without ensuring its ownership or confirming its accessibility. This could lead to potential security vulnerabilities or unauthorized access to the bucket if it is not...

CVSS 6.3 · EPSS 0.00164
Exploits: 0 · References: 1
Vulnrichment
added 2025/03/20 10:11 a.m. · 7 views

CVE-2024-7804

...

AI score 6.5
Exploits: 0
Cvelist
added 2025/03/20 10:11 a.m. · 34 views

CVE-2024-7804

...

Exploits: 0
CVE
added 2025/03/20 10:11 a.m. · 73 views

CVE-2024-7804

This CVE entry is rejected/not used and does not represent an active vulnerability entry.

AI score 9.8
Exploits: 0
CVE
added 2025/03/20 10:10 a.m. · 41 views

CVE-2024-6577

CVE-2024-6577 affects pytorch/serve. The script upload_results_to_s3.sh references the S3 bucket benchmarkai-metrics-prod without verifying ownership or accessibility, potentially enabling data exposure or unauthorized modifications if the bucket is not properly secured. No explicit remediation o...

CVSS 6.3 · AI score 6.5 · EPSS 0.00164
Exploits: 0 · References: 1
Vulnrichment
added 2025/03/20 10:10 a.m. · 6 views

CVE-2024-6577 Unclaimed S3 Bucket Usage in pytorch/serve

In the latest version of pytorch/serve, the script 'upload_results_to_s3.sh' references the S3 bucket 'benchmarkai-metrics-prod' without ensuring its ownership or confirming its accessibility. This could lead to potential security vulnerabilities or unauthorized access to the bucket if it is not...

CVSS 6.3 · AI score 6.5 · EPSS 0.00164
Exploits: 0 · References: 1
Cvelist
added 2025/03/20 10:10 a.m. · 9 views

CVE-2024-6577 Unclaimed S3 Bucket Usage in pytorch/serve

In the latest version of pytorch/serve, the script 'upload_results_to_s3.sh' references the S3 bucket 'benchmarkai-metrics-prod' without ensuring its ownership or confirming its accessibility. This could lead to potential security vulnerabilities or unauthorized access to the bucket if it is not...

CVSS 6.3 · EPSS 0.00164
Exploits: 0 · References: 1
CVE
added 2025/03/20 10:09 a.m. · 243 views

CVE-2024-8020

CVE-2024-8020 (lightning-ai/pytorch-lightning, v2.3.2) exposes a DoS through an unexpected POST to the LightningApp API at /api/v1/state. The root cause is improper handling of unexpected state values, which can crash the server. Public references describe a DoS by sending crafted JSON (e.g., sta...

CVSS 7.5 · AI score 7.4 · EPSS 0.00222
Exploits: 1 · References: 1 · Affected Software: 1
Vulnrichment
added 2025/03/20 10:09 a.m. · 5 views

CVE-2024-8020 Denial of Service in lightning-ai/pytorch-lightning

A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the /api/v1/state endpoint of LightningApp. This issue occurs due to improper handling of unexpected state values, which results in the server...

CVSS 7.5 · AI score 7.4 · EPSS 0.00222
Exploits: 1 · References: 1
Cvelist
added 2025/03/20 10:09 a.m. · 8 views

CVE-2024-8020 Denial of Service in lightning-ai/pytorch-lightning

A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the /api/v1/state endpoint of LightningApp. This issue occurs due to improper handling of unexpected state values, which results in the server...

CVSS 7.5 · EPSS 0.00222
Exploits: 1 · References: 1
Cvelist
added 2025/03/20 10:08 a.m. · 5 views

CVE-2024-8019 Arbitrary File Write/Overwrite in lightning-ai/pytorch-lightning

In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the LightningApp when running on a Windows host. The vulnerability occurs at the /api/v1/upload_file/ endpoint, allowing an attacker to write or overwrite arbitrary files by providing a crafted filename. This can lead to...

CVSS 9.1 · EPSS 0.02102
Exploits: 1 · References: 2
CNNVD
added 2025/03/20 12:00 a.m. · 0 views

PyTorch Security Vulnerability

PyTorch is a Python package open-sourced by PyTorch. PyTorch has a security vulnerability that stems from the upload_results_to_s3.sh script not ensuring S3 bucket ownership, which could lead to data disclosure or unauthorized access...

CVSS 6.3 · AI score 6.4 · EPSS 0.00164
Exploits: 0 · References: 1
CNNVD
added 2025/03/20 12:00 a.m. · 1 view

Pytorch-Lightning Code Issue Vulnerability

Pytorch-Lightning is an open source lightweight PyTorch wrapper from the US company Lightning AI, used for high-performance AI research. Pytorch-Lightning has a code issue vulnerability that stems from the application's lack of effective validation of uploaded files. An attacker c...

CVSS 9.1 · AI score 9.4 · EPSS 0.02102
Exploits: 1 · References: 2
Positive Technologies
added 2025/03/20 12:00 a.m. · 4 views

PT-2025-12205 · Lightning Ai · Pytorch-Lightning

Name of the Vulnerable Software and Affected Versions: pytorch-lightning version 2.3.2 Description: A vulnerability in pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the /api/v1/state endpoint of LightningApp. This issue...

CVSS 7.5 · AI score 7.2 · EPSS 0.00222
Exploits: 1 · References: 7
Positive Technologies
added 2025/03/20 12:00 a.m. · 1 view

PT-2025-12204 · Pypi · Pytorch-Lightning

Name of the Vulnerable Software and Affected Versions: lightning-ai/pytorch-lightning version 2.3.2 Description: A vulnerability exists in the LightningApp when running on a Windows host. The vulnerability occurs at the /api/v1/upload_file/ endpoint, allowing an attacker to write or overwrite...

CVSS 9.1 · AI score 9.4 · EPSS 0.02102
Exploits: 1 · References: 8
CNNVD
added 2025/03/20 12:00 a.m. · 2 views

ID Withdrawn

PyTorch is an open source Python package from PyTorch. This CVE number has been withdrawn...

AI score 5.4
Exploits: 0 · References: 1
RedhatCVE
added 2025/03/15 2:25 a.m. · 8 views

CVE-2025-2149

A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function nnq_Sigmoid of the component Quantized Sigmoid Module. The manipulation of the argument scale/zero_point leads to improper initialization. The attack needs to be approached...

CVSS 2.5 · AI score 6.6 · EPSS 0.00051
Exploits: 1 · References: 1
RedhatCVE
added 2025/03/15 2:25 a.m. · 6 views

CVE-2025-2148

A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler._call_end_callbacks_on_jit_fut of the component Tuple Handler. The manipulation of the argument None leads to memory corruption. The attack can be launch...

CVSS 7.5 · AI score 6.7 · EPSS 0.00084
Exploits: 0 · References: 1