65 matches found

OSV
added 2024/06/06 6:30 p.m., 2 views

GHSA-CGWC-QVRX-RF7F Remote code execution in pytorch lightning

A remote code execution (RCE) vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the deepdiff library. The library uses deepdiff.Delta objects to modify application state base...

CVSS 9.8, AI score 6.5, EPSS 0.50542
Exploits: 3, References: 6

NVD
added 2024/06/06 6:15 p.m., 16 views

CVE-2024-5452

A remote code execution (RCE) vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the deepdiff library. The library uses deepdiff.Delta objects to modify application state base...

CVSS 9.8, EPSS 0.50542
Exploits: 3, References: 2

CVE
added 2024/06/06 5:54 p.m., 52 views

CVE-2024-5452

CVE-2024-5452 affects lightning-ai/pytorch-lightning (v2.2.1) and arises from insecure deserialization via deepdiff.Delta, where dunder attributes can be manipulated to bypass whitelists and cause arbitrary attribute writes, yielding remote code execution (RCE) on self-hosted PyTorch Lightning ap...

CVSS 9.8, AI score 9.9, EPSS 0.50542
Exploits: 3, References: 2, Affected Software: 1

Cvelist
added 2024/06/06 5:54 p.m., 22 views

CVE-2024-5452 RCE via Property/Class Pollution in lightning-ai/pytorch-lightning

A remote code execution (RCE) vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the deepdiff library. The library uses deepdiff.Delta objects to modify application state base...

CVSS 9.8, EPSS 0.50542
Exploits: 3, References: 2

Positive Technologies
added 2024/06/06 12:0 a.m., 3 views

PT-2024-36377 · Unknown +1 · Pytorch-Lightning +1

Name of the Vulnerable Software and Affected Versions: pytorch-lightning version 2.2.1
Description: A remote code execution issue exists due to improper handling of deserialized user input and mismanagement of dunder attributes by the deepdiff library. The library uses deepdiff.Delta objects to...

CVSS 9.8, AI score 9.6, EPSS 0.50542
Exploits: 3, References: 16