111 matches found
EUVD-2025-6922
Malicious code in bioql PyPI...
Multiple deserialization vulnerabilities in PyTorch Lightning 2.4.0 and earlier versions
Overview PyTorch Lightning versions 2.4.0 and earlier do not use any verification mechanisms to ensure that model files are safe to load before loading them. Users of PyTorch Lightning should use caution when loading models from unknown or unmanaged sources. Description PyTorch Lightning, a...
Pytorch-Lightning Code Issue Vulnerability
Pytorch-Lightning is an open source lightweight PyTorch wrapper from Lightning AI open source in the US. Used for high performance Ai research. Pytorch-Lightning suffers from a code issue vulnerability that stems from the application's lack of effective validation of uploaded files. An attacker c...
CVE-2024-8019
In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the LightningApp when running on a Windows host. The vulnerability occurs at the /api/v1/uploadfile/ endpoint, allowing an attacker to write or overwrite arbitrary files by providing a crafted filename. This can lead to...
CVE-2024-8020
A flaw was found in PyTorch Lightning. This vulnerability allows an attacker to cause a denial of service via an unexpected POST request to the /api/v1/state endpoint, leading to improper handling of state values and server shutdown. Mitigation Implementing an input validation on the server-side...
admetica (>=1.3.0 <=1.4.1), adversarial-insight-ml (=0.1.0) +151 more potentially affected by CVE-2024-8020 via pytorch-lightning (>=2.0.0 <=2.3.3)
pytorch-lightning PYPI version =2.0.0, =1.3.0, =1.8.15, =1.8.17, =1.8.14, =0.1.16, =1.0.0, =0.8.3b20230802, =0.8.3b20230802, =0.8.3b20230802, =1.1.2b20241106 and more Source cves: CVE-2024-8020 Source advisory: SNYK:PYTHON-PYTORCHLIGHTNING-9510929...
ablation (=0.1.0), acids-msprior (>=1.0.1 <=1.1.3) +489 more potentially affected by CVE-2024-8020 via pytorch-lightning (>=0.10.0 <=2.3.0)
pytorch-lightning PYPI version =0.10.0, =1.0.1, =2.1.16, =1.8.15, =1.8.17, =1.8.14, =0.2.2, =0.1.1, =0.1.1, =0.6.1rc0 and more Source cves: CVE-2024-8020 Source advisory: OSV:GHSA-98FP-7V67-4V3Q...
GHSA-98FP-7V67-4V3Q PyTorch Lightning denial of service vulnerability
A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the /api/v1/state endpoint of LightningApp. This issue occurs due to improper handling of unexpected state values, which results in the server...
PyTorch Lightning denial of service vulnerability
A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the /api/v1/state endpoint of LightningApp. This issue occurs due to improper handling of unexpected state values, which results in the server...
admetica (>=1.3.0 <=1.4.1), adversarial-insight-ml (=0.1.0) +151 more potentially affected by CVE-2024-8019 via pytorch-lightning (>=2.0.0 <=2.3.3)
pytorch-lightning PYPI version =2.0.0, =1.3.0, =1.8.15, =1.8.17, =1.8.14, =0.1.16, =1.0.0, =0.8.3b20230802, =0.8.3b20230802, =0.8.3b20230802, =1.1.2b20241106 and more Source cves: CVE-2024-8019 Source advisory: SNYK:PYTHON-PYTORCHLIGHTNING-9510928...
Arbitrary File Upload
Overview pytorch-lightning is a lightweight PyTorch wrapper for ML researchers. Scale your models. Write less boilerplate. Affected versions of this package are vulnerable to Arbitrary File Upload via the LightningApp when running on a Windows host at the /api/v1/uploadfile/ endpoint. An attacker...
ablation (=0.1.0), acids-msprior (>=1.0.1 <=1.1.3) +521 more potentially affected by CVE-2024-8019 via pytorch-lightning (>=0.10.0 <=2.3.3)
pytorch-lightning PYPI version =0.10.0, =1.0.1, =2.1.16, =1.3.0, =1.8.15, =1.8.17, =1.8.14, =0.1.16, =0.2.2, =1.0.0.dev0 - arcagent =0.0.1 - arccmd =0.2.0 - arcmas =0.2.0 and more Source cves: CVE-2024-8019 Source advisory: OSV:GHSA-4CV3-V7PV-RFHF...
GHSA-4CV3-V7PV-RFHF PyTorch Lightning path traversal vulnerability
In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the LightningApp when running on a Windows host. The vulnerability occurs at the /api/v1/uploadfile/ endpoint, allowing an attacker to write or overwrite arbitrary files by providing a crafted filename. This can lead to...
PyTorch Lightning path traversal vulnerability
In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the LightningApp when running on a Windows host. The vulnerability occurs at the /api/v1/uploadfile/ endpoint, allowing an attacker to write or overwrite arbitrary files by providing a crafted filename. This can lead to...
CVE-2024-8020
A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the /api/v1/state endpoint of LightningApp. This issue occurs due to improper handling of unexpected state values, which results in the server...
CVE-2024-8020 Denial of Service in lightning-ai/pytorch-lightning
A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the /api/v1/state endpoint of LightningApp. This issue occurs due to improper handling of unexpected state values, which results in the server...
CVE-2024-8020 Denial of Service in lightning-ai/pytorch-lightning
A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the /api/v1/state endpoint of LightningApp. This issue occurs due to improper handling of unexpected state values, which results in the server...
CVE-2024-8020 Denial of Service in lightning-ai/pytorch-lightning
A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the /api/v1/state endpoint of LightningApp. This issue occurs due to improper handling of unexpected state values, which results in the server...
CVE-2024-8020
CVE-2024-8020 (lightning-ai/pytorch-lightning, v2.3.2) exposes a DoS through an unexpected POST to the LightningApp API at /api/v1/state. The root cause is improper handling of unexpected state values, which can crash the server. Public references describe a DoS by sending crafted JSON (e.g., sta...
CVE-2024-8019 Arbitrary File Write/Overwrite in lightning-ai/pytorch-lightning
In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the LightningApp when running on a Windows host. The vulnerability occurs at the /api/v1/uploadfile/ endpoint, allowing an attacker to write or overwrite arbitrary files by providing a crafted filename. This can lead to...