
We found results for “”
CVE-2024-8019
Good to know:

Date: March 20, 2025
In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the "LightningApp" when running on a Windows host. The vulnerability occurs at the "/api/v1/upload_file/" endpoint, allowing an attacker to write or overwrite arbitrary files by providing a crafted filename. This can lead to potential remote code execution (RCE) by overwriting critical files or placing malicious files in sensitive locations.
Severity Score
Related Resources (5)
Severity Score
Weakness Type (CWE)
Unrestricted Upload of File with Dangerous Type
CWE-434Top Fix

Upgrade Version
Upgrade to version pytorch-lightning - 2.3.2;pytorch-lightning - 2.4.0;pytorch-lightning - 2.3.2;https://github.com/lightning-ai/pytorch-lightning.git - 2.3.2
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | HIGH |
Availability (A): | HIGH |