CVE-2024-8019
published 2025-03-20

Priority: P259, critical
CVSS 3.1: 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)
EPSS: 1.02% (59.0th percentile)

In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the `LightningApp` when running on a Windows host. The vulnerability occurs at the `/api/v1/upload_file/` endpoint, allowing an attacker to write or overwrite arbitrary files by providing a crafted filename. This can lead to potential remote code execution (RCE) by overwriting critical files or placing malicious files in sensitive locations.

Affected

3 ranges
| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| lightning-ai | lightning-ai_pytorch-lightning | >= 0 < 2.4.0 | 2.4.0 |
| lightning-ai | lightning-ai_pytorch-lightning | >= unspecified < 2.3.3 | 2.3.3 |
| lightningai | pytorch_lightning | | |

CVSS provenance

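| Source | Version | Score | Severity | Vector |
| --- | --- | --- | --- | --- |
| nvd | v3.1 | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H |
| nvd | v3.0 | 9.1 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H |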