Lucene search
Veracode Vulnerability DatabaseVERACODE:33451HistoryDec 24, 2021 - 8:47 a.m.
Deserialization Of Untrusted Data
2021-12-2408:47:33
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
0.001 Low
EPSS
Percentile
33.3%
pytorch_lightning is vulnerable to deserialization of untrusted data. The vulnerability is due to an insecure method call in load_hparams_from_yaml function of savings.py which allows a malicious attacker to send malicious yaml config files, leading to remote code execution.
| CPE | Name | Operator | Version |
|---|---|---|---|
| pytorch-lightning | le | 1.5.10 | |
| pytorch-lightning | le | 1.5.10 |
References
github.com/advisories/GHSA-2vj5-px25-gjrp
github.com/pytorchlightning/pytorch-lightning/commit/62f1e82e032eb16565e676d39e0db0cac7e34ace
github.com/PyTorchLightning/pytorch-lightning/pull/5619
huntr.dev/bounties/31832f0c-e5bb-4552-a12c-542f81f111e6
huntr.dev/bounties/31832f0c-e5bb-4552-a12c-542f81f111e6/
Related
cnvd
cnvd
Pytorch-Lightning code issue vulnerability
2021-12-27 00:00:00
cvelist
cvelist
nvd
nvd
CVE-2021-4118
2021-12-23 18:15:07
cve
cve
CVE-2021-4118
2021-12-23 18:15:07
osv
osv
PYSEC-2021-874
2021-12-23 18:15:00
pytorch-lightning is vulnerable to Deserialization of Untrusted Data
2022-01-06 23:58:59
CVE-2021-4118
2021-12-23 18:15:07
huntr
huntr
in pytorchlightning/pytorch-lightning
2021-12-12 20:29:05
prion
prion
Deserialization of untrusted data
2021-12-23 18:15:00
github
github
pytorch-lightning is vulnerable to Deserialization of Untrusted Data
2022-01-06 23:58:59