1165 matches found
Pytorch-Lightning code issue vulnerability
Pytorch-Lightning is an open source lightweight PyTorch wrapper. Used for high-performance Ai research. pytorch-lightning suffers from a code issue vulnerability that stems from the software's tendency to deserialize untrustworthy data, which can be exploited by an attacker to cause code executio...
CVE-2021-4118
pytorch-lightning is vulnerable to Deserialization of Untrusted Data...
CVE-2021-4118
pytorch-lightning is vulnerable to Deserialization of Untrusted Data...
CVE-2021-4118
pytorch-lightning is vulnerable to Deserialization of Untrusted Data...
anomalib (>=0.2.2 <=0.2.4), argos-trains (=0.1.0) +174 more potentially affected by CVE-2021-4118 via pytorch-lightning (>=0.10.0 <=1.5.9)
pytorch-lightning PYPI version =0.10.0, =0.2.2, =0.1.1, =0.3.2b20220222, =0.3.2b20220222, =0.0.1, =0.0.7, =3.0.0, =3.3.0 and more Source cves: CVE-2021-4118 Source advisory: OSV:PYSEC-2021-874...
PYSEC-2021-874
pytorch-lightning is vulnerable to Deserialization of Untrusted Data...
Deserialization of untrusted data
pytorch-lightning is vulnerable to Deserialization of Untrusted Data...
PYSEC-2021-874
pytorch-lightning is vulnerable to Deserialization of Untrusted Data...
CVE-2021-4118 Deserialization of Untrusted Data in pytorchlightning/pytorch-lightning
pytorch-lightning is vulnerable to Deserialization of Untrusted Data...
CVE-2021-4118
CVE-2021-4118 affects pytorch-lightning and is described as a Deserialization of Untrusted Data vulnerability. The CVSS3 data in the records indicates a HIGH impact on confidentiality, integrity, and availability with a LOCAL attack vector, LOW attack complexity, no privileges required, and USER ...
PT-2021-23155 · Pypi · Pytorch-Lightning
Name of the Vulnerable Software and Affected Versions: pytorch-lightning affected versions not specified Description: The issue concerns the deserialization of untrusted data in pytorch-lightning. There is no information provided about the estimated number of potentially affected devices worldwid...
Pytorch-Lightning 代码问题漏洞
Pytorch-Lightning is an open source lightweight PyTorch wrapper. Used for high-performance Ai research. pytorch-lightning suffers from a code issue vulnerability that stems from the software's tendency to deserialize untrustworthy data, which can be exploited by an attacker to cause code executio...
CVE-2021-43811
Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An...
CVE-2021-43811
Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An...
PYSEC-2021-848
Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An...
CVE-2021-43811 Code injection via unsafe YAML loading
Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An...
CVE-2021-43811
Sockeye (PyTorch-based) vulnerable to code execution via unsafe YAML loading in model/data config files when using versions below 2.3.24; an attacker can inject malicious config, which executes locally when a user runs the model. The issue is fixed in 2.3.24. Practical impact is limited to users ...
AZL-41581 CVE-2021-22918 affecting package pytorch for versions less than 2.2.2-4
Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uvidnatoascii is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to...
Code Injection in jeikeilim/kindle
Description Kindle is an easy model build package for PyTorch. Building a deep learning model became so simple that almost all model can be made by copy and paste from other existing model codes, which is vulnerable to Arbitary Code Execution. Vulnerability Vulnerable to YAML deserialization atta...
in catalyst-team/catalyst
Description Catalyst is a PyTorch framework for Deep Learning research and development. It focuses on reproducibility, rapid experimentation, and codebase reuse so you can create something new rather than write another regular train loop. This package was vulnerable to Arbitrary code execution vi...