Lucene search
K
LightningaiPytorch Lightning

8 matches found

CVE
CVE
added 2025/03/20 10:9 a.m.256 views

CVE-2024-8020

CVE-2024-8020 (lightning-ai/pytorch-lightning, v2.3.2) exposes a DoS through an unexpected POST to the LightningApp API at /api/v1/state. The root cause is improper handling of unexpected state values, which can crash the server. Public references describe a DoS by sending crafted JSON (e.g., sta...

7.5CVSS7.4AI score0.00588EPSS
Web
CVE
CVE
added 2022/03/05 9:25 p.m.158 views

CVE-2022-0845

CVE-2022-0845 affects PyTorch Lightning (repository pytorchlightning/pytorch-lightning) and is a Code Injection vulnerability present in releases prior to 1.6.0. Public descriptions indicate an injection path enabling code execution and, in some sources, exploitation of trainer configuration (e.g...

10CVSS8.6AI score0.00965EPSS
CVE
CVE
added 2024/06/27 6:46 p.m.96 views

CVE-2024-5980

The CVE-2024-5980 entry describes a path-traversal vulnerability in lightning-ai/pytorch-lightning v2.2.4 exposed via the /v1/runs API endpoint. When the LightningApp runs with the plugin_server, malicious tar.gz plugins can embed arbitrary files using path traversal, allowing writes to arbitrary...

9.8CVSS9.5AI score0.01307EPSS
CVE
CVE
added 2021/12/23 5:15 p.m.87 views

CVE-2021-4118

CVE-2021-4118 affects pytorch-lightning and is described as a Deserialization of Untrusted Data vulnerability. The CVSS3 data in the records indicates a HIGH impact on confidentiality, integrity, and availability with a LOCAL attack vector, LOW attack complexity, no privileges required, and USER ...

7.8CVSS7.5AI score0.00978EPSS
CVE
CVE
added 2025/03/20 10:8 a.m.76 views

CVE-2024-8019

Lightning AI PyTorch Lightning 2.3.2 exposes a vulnerable LightningApp on Windows via /api/v1/upload_file/. An attacker can write/overwrite arbitrary files by crafting a filename, potentially enabling remote code execution (RCE) and compromising integrity and availability (CVSS 3.1/3.0: 9.1). Aff...

9.1CVSS9.4AI score0.01019EPSS
Web
CVE
CVE
added 2024/06/06 5:54 p.m.67 views

CVE-2024-5452

CVE-2024-5452 affects lightning-ai/pytorch-lightning (v2.2.1) and arises from insecure deserialization via deepdiff.Delta, where dunder attributes can be manipulated to bypass whitelists and cause arbitrary attribute writes, yielding remote code execution (RCE) on self-hosted PyTorch Lightning ap...

9.8CVSS9.9AI score0.26488EPSS
Web
CVE
CVE
added 2026/05/14 2:59 p.m.33 views

CVE-2026-44484

PyTorch Lightning PyPI package versions 2.6.2 and 2.6.3 have been compromised, introducing functionality consistent with a credential harvesting mechanism. This is reflected across CVE-2026-44484 and associated advisories (GHSA-w37p-236h-pfx3; OSV). The root cause is under investigation; affected...

9.8CVSS5.8AI score0.00392EPSS
CVE
CVE
added 2026/05/12 12:0 a.m.20 views

CVE-2026-31221

PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability (CWE-502) in the checkpoint loading mechanism. The LightningModule.load_from_checkpoint() (and related checkpoint loading paths) call torch.load() without weights_only=True, allowing deserialization of ...

8.8CVSS6.3AI score0.00385EPSS