
Lightning-Ai Pytorch-Lightning vulnerabilities

4 known vulnerabilities affecting lightning-ai/lightning-ai_pytorch-lightning.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 1

Vulnerabilities

CVE-2024-5452 | P2 | CRITICAL | CVSS 9.8 | affected: ≥ unspecified, < 2.3.3 | 2024-06-06
CVE-2024-5452 [CRITICAL] CWE-915: A remote code execution (RCE) vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the `deepdiff` library. The library uses `deepdiff.Delta` objects to modify application state based on frontend actions. However, it is possible t
Sources: nvd
CVE-2024-8019 | P2 | CRITICAL | CVSS 9.1 | affected: ≥ unspecified, < 2.3.3 | 2025-03-20
CVE-2024-8019 [CRITICAL] CWE-434: In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the `LightningApp` when running on a Windows host. The vulnerability occurs at the `/api/v1/upload_file/` endpoint, allowing an attacker to write or overwrite arbitrary files by providing a crafted filename. This can lead to potential remote code execution (RCE) by overwritin
Sources: ghsa, nvd, osv
CVE-2024-5980 | P2 | CRITICAL | CVSS 9.8 | affected: ≥ unspecified, < 2.3.3 | 2024-06-27
CVE-2024-5980 [CRITICAL] CWE-22: A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-lightning v2.2.4 allows attackers to exploit path traversal when extracting tar.gz files. When the LightningApp is running with the plugin_server, attackers can deploy malicious tar.gz plugins that embed arbitrary files with path traversal vulnerabilities. This can result in arbitra
Sources: nvd
CVE-2024-8020 | P3 | HIGH | CVSS 7.5 | affected: ≥ unspecified, ≤ latest | 2025-03-20
CVE-2024-8020 [HIGH] CWE-248: A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the `/api/v1/state` endpoint of `LightningApp`. This issue occurs due to improper handling of unexpected state values, which results in the server shutting down.
Sources: ghsa, nvd, osv