CVE-2024-8020
- EPSS 0.06%
- Veröffentlicht 20.03.2025 10:09:26
- Zuletzt bearbeitet 15.10.2025 13:15:53
A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the `/api/v1/state` endpoint of `LightningApp`. This issue occurs due to improper handling of une...
CVE-2024-8019
- EPSS 1.11%
- Veröffentlicht 20.03.2025 10:08:48
- Zuletzt bearbeitet 01.08.2025 01:42:57
In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the `LightningApp` when running on a Windows host. The vulnerability occurs at the `/api/v1/upload_file/` endpoint, allowing an attacker to write or overwrite arbitrary files ...
CVE-2024-5980
- EPSS 10.73%
- Veröffentlicht 27.06.2024 19:15:18
- Zuletzt bearbeitet 15.10.2025 13:15:48
A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-lightning v2.2.4 allows attackers to exploit path traversal when extracting tar.gz files. When the LightningApp is running with the plugin_server, attackers can deploy malicious tar...
CVE-2024-5452
- EPSS 56.72%
- Veröffentlicht 06.06.2024 18:15:20
- Zuletzt bearbeitet 15.10.2025 13:15:46
A remote code execution (RCE) vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the `deepdiff` library. The library uses `dee...
- EPSS 0.27%
- Veröffentlicht 05.03.2022 22:15:07
- Zuletzt bearbeitet 21.11.2024 06:39:30
Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0.
CVE-2021-4118
- EPSS 0.27%
- Veröffentlicht 23.12.2021 18:15:07
- Zuletzt bearbeitet 21.11.2024 06:36:56
pytorch-lightning is vulnerable to Deserialization of Untrusted Data