CVE-2024-8019
Published 2025-03-20
Priority P259 | critical | 9.1 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS: 1.02% (59.0th percentile)
In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the `LightningApp` when running on a Windows host. The vulnerability occurs at the `/api/v1/upload_file/` endpoint, allowing an attacker to write or overwrite arbitrary files by providing a crafted filename. This can lead to potential remote code execution (RCE) by overwriting critical files or placing malicious files in sensitive locations.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lightning-ai | lightning-ai_pytorch-lightning | >= 0 < 2.4.0 | 2.4.0 |
| lightning-ai | lightning-ai_pytorch-lightning | >= unspecified < 2.3.3 | 2.3.3 |
| lightningai | pytorch_lightning | — | — |
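CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H |
| nvd | v3.0 | 9.1 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H |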
GHSA
PyTorch Lightning path traversal vulnerability
ghsa·2025-03-20
CVE-2024-8019 [CRITICAL] CWE-434 PyTorch Lightning path traversal vulnerability
OSV
PyTorch Lightning path traversal vulnerability
osv·2025-03-20
CVE-2024-8019 [CRITICAL] PyTorch Lightning path traversal vulnerability
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-03-20: Published