icon

We found results for “

CVE-2024-8019

Good to know:

icon

Date: March 20, 2025

In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the "LightningApp" when running on a Windows host. The vulnerability occurs at the "/api/v1/upload_file/" endpoint, allowing an attacker to write or overwrite arbitrary files by providing a crafted filename. This can lead to potential remote code execution (RCE) by overwriting critical files or placing malicious files in sensitive locations.

Severity Score

Severity Score

Weakness Type (CWE)

Unrestricted Upload of File with Dangerous Type

CWE-434

Top Fix

icon

Upgrade Version

Upgrade to version pytorch-lightning - 2.3.2;pytorch-lightning - 2.4.0;pytorch-lightning - 2.3.2;https://github.com/lightning-ai/pytorch-lightning.git - 2.3.2

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): HIGH
Availability (A): HIGH

Do you need more information?

Contact Us