Lucene search
+L

111 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2025-6922

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00588EPSS
Exploits1References3
CERT
CERT
added 2025/04/03 12:0 a.m.22 views

Multiple deserialization vulnerabilities in PyTorch Lightning 2.4.0 and earlier versions

Overview PyTorch Lightning versions 2.4.0 and earlier do not use any verification mechanisms to ensure that model files are safe to load before loading them. Users of PyTorch Lightning should use caution when loading models from unknown or unmanaged sources. Description PyTorch Lightning, a...

7.9AI score
Exploits0References4
CNVD
CNVD
added 2025/03/27 12:0 a.m.7 views

Pytorch-Lightning Code Issue Vulnerability

Pytorch-Lightning is an open source lightweight PyTorch wrapper from Lightning AI open source in the US. Used for high performance Ai research. Pytorch-Lightning suffers from a code issue vulnerability that stems from the application's lack of effective validation of uploaded files. An attacker c...

9.1CVSS8.2AI score0.01019EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/22 11:16 a.m.10 views

CVE-2024-8019

In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the LightningApp when running on a Windows host. The vulnerability occurs at the /api/v1/uploadfile/ endpoint, allowing an attacker to write or overwrite arbitrary files by providing a crafted filename. This can lead to...

9.1CVSS7.8AI score0.01019EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/20 3:28 p.m.11 views

CVE-2024-8020

A flaw was found in PyTorch Lightning. This vulnerability allows an attacker to cause a denial of service via an unexpected POST request to the /api/v1/state endpoint, leading to improper handling of state values and server shutdown. Mitigation Implementing an input validation on the server-side...

7.5CVSS7.2AI score0.00588EPSS
Exploits1References4
vulnersOsv
vulnersOsv
added 2025/03/20 12:32 p.m.4 views

admetica (>=1.3.0 <=1.4.1), adversarial-insight-ml (=0.1.0) +151 more potentially affected by CVE-2024-8020 via pytorch-lightning (>=2.0.0 <=2.3.3)

pytorch-lightning PYPI version =2.0.0, =1.3.0, =1.8.15, =1.8.17, =1.8.14, =0.1.16, =1.0.0, =0.8.3b20230802, =0.8.3b20230802, =0.8.3b20230802, =1.1.2b20241106 and more Source cves: CVE-2024-8020 Source advisory: SNYK:PYTHON-PYTORCHLIGHTNING-9510929...

7.5CVSS7AI score0.00588EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2025/03/20 12:32 p.m.10 views

ablation (=0.1.0), acids-msprior (>=1.0.1 <=1.1.3) +489 more potentially affected by CVE-2024-8020 via pytorch-lightning (>=0.10.0 <=2.3.0)

pytorch-lightning PYPI version =0.10.0, =1.0.1, =2.1.16, =1.8.15, =1.8.17, =1.8.14, =0.2.2, =0.1.1, =0.1.1, =0.6.1rc0 and more Source cves: CVE-2024-8020 Source advisory: OSV:GHSA-98FP-7V67-4V3Q...

7.5CVSS7.1AI score0.00588EPSS
Exploits1
OSV
OSV
added 2025/03/20 12:32 p.m.13 views

GHSA-98FP-7V67-4V3Q PyTorch Lightning denial of service vulnerability

A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the /api/v1/state endpoint of LightningApp. This issue occurs due to improper handling of unexpected state values, which results in the server...

7.5CVSS7AI score0.00588EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2025/03/20 12:32 p.m.15 views

PyTorch Lightning denial of service vulnerability

A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the /api/v1/state endpoint of LightningApp. This issue occurs due to improper handling of unexpected state values, which results in the server...

7.5CVSS6.7AI score0.00588EPSS
Exploits1References3Affected Software1
vulnersOsv
vulnersOsv
added 2025/03/20 12:32 p.m.7 views

admetica (>=1.3.0 <=1.4.1), adversarial-insight-ml (=0.1.0) +151 more potentially affected by CVE-2024-8019 via pytorch-lightning (>=2.0.0 <=2.3.3)

pytorch-lightning PYPI version =2.0.0, =1.3.0, =1.8.15, =1.8.17, =1.8.14, =0.1.16, =1.0.0, =0.8.3b20230802, =0.8.3b20230802, =0.8.3b20230802, =1.1.2b20241106 and more Source cves: CVE-2024-8019 Source advisory: SNYK:PYTHON-PYTORCHLIGHTNING-9510928...

9.1CVSS7.2AI score0.01019EPSS
Exploits1
Snyk
Snyk
added 2025/03/20 12:32 p.m.5 views

Arbitrary File Upload

Overview pytorch-lightning is a lightweight PyTorch wrapper for ML researchers. Scale your models. Write less boilerplate. Affected versions of this package are vulnerable to Arbitrary File Upload via the LightningApp when running on a Windows host at the /api/v1/uploadfile/ endpoint. An attacker...

9.1CVSS8.2AI score0.01019EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2025/03/20 12:32 p.m.3 views

ablation (=0.1.0), acids-msprior (>=1.0.1 <=1.1.3) +521 more potentially affected by CVE-2024-8019 via pytorch-lightning (>=0.10.0 <=2.3.3)

pytorch-lightning PYPI version =0.10.0, =1.0.1, =2.1.16, =1.3.0, =1.8.15, =1.8.17, =1.8.14, =0.1.16, =0.2.2, =1.0.0.dev0 - arcagent =0.0.1 - arccmd =0.2.0 - arcmas =0.2.0 and more Source cves: CVE-2024-8019 Source advisory: OSV:GHSA-4CV3-V7PV-RFHF...

9.1CVSS7.7AI score0.01019EPSS
Exploits1
OSV
OSV
added 2025/03/20 12:32 p.m.7 views

GHSA-4CV3-V7PV-RFHF PyTorch Lightning path traversal vulnerability

In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the LightningApp when running on a Windows host. The vulnerability occurs at the /api/v1/uploadfile/ endpoint, allowing an attacker to write or overwrite arbitrary files by providing a crafted filename. This can lead to...

9.1CVSS8AI score0.01019EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2025/03/20 12:32 p.m.20 views

PyTorch Lightning path traversal vulnerability

In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the LightningApp when running on a Windows host. The vulnerability occurs at the /api/v1/uploadfile/ endpoint, allowing an attacker to write or overwrite arbitrary files by providing a crafted filename. This can lead to...

9.1CVSS7.6AI score0.01019EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2025/03/20 10:15 a.m.9 views

CVE-2024-8020

A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the /api/v1/state endpoint of LightningApp. This issue occurs due to improper handling of unexpected state values, which results in the server...

7.5CVSS0.00588EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:9 a.m.6 views

CVE-2024-8020 Denial of Service in lightning-ai/pytorch-lightning

A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the /api/v1/state endpoint of LightningApp. This issue occurs due to improper handling of unexpected state values, which results in the server...

7.5CVSS7.4AI score0.00588EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/20 10:9 a.m.17 views

CVE-2024-8020 Denial of Service in lightning-ai/pytorch-lightning

A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the /api/v1/state endpoint of LightningApp. This issue occurs due to improper handling of unexpected state values, which results in the server...

7.5CVSS0.00588EPSS
Exploits1References1
OSV
OSV
added 2025/03/20 10:9 a.m.9 views

CVE-2024-8020 Denial of Service in lightning-ai/pytorch-lightning

A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the /api/v1/state endpoint of LightningApp. This issue occurs due to improper handling of unexpected state values, which results in the server...

7.5CVSS7.1AI score0.00588EPSS
Exploits1References3
CVE
CVE
added 2025/03/20 10:9 a.m.259 views

CVE-2024-8020

CVE-2024-8020 (lightning-ai/pytorch-lightning, v2.3.2) exposes a DoS through an unexpected POST to the LightningApp API at /api/v1/state. The root cause is improper handling of unexpected state values, which can crash the server. Public references describe a DoS by sending crafted JSON (e.g., sta...

7.5CVSS7.4AI score0.00588EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/03/20 10:8 a.m.12 views

CVE-2024-8019 Arbitrary File Write/Overwrite in lightning-ai/pytorch-lightning

In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the LightningApp when running on a Windows host. The vulnerability occurs at the /api/v1/uploadfile/ endpoint, allowing an attacker to write or overwrite arbitrary files by providing a crafted filename. This can lead to...

9.1CVSS0.01019EPSS
Exploits1References2
Rows per page
Query Builder