Search for packages
| purl | pkg:pypi/pytorch-lightning@2.3.3 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-d6fc-w1wu-ckc1
Aliases: CVE-2024-8019 GHSA-4cv3-v7pv-rfhf |
PyTorch Lightning path traversal vulnerability In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the `LightningApp` when running on a Windows host. The vulnerability occurs at the `/api/v1/upload_file/` endpoint, allowing an attacker to write or overwrite arbitrary files by providing a crafted filename. This can lead to potential remote code execution (RCE) by overwriting critical files or placing malicious files in sensitive locations. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-3hhe-9pgj-ryfs | PyTorch Lightning denial of service vulnerability A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the `/api/v1/state` endpoint of `LightningApp`. This issue occurs due to improper handling of unexpected state values, which results in the server shutting down. |
CVE-2024-8020
GHSA-98fp-7v67-4v3q |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-06T05:43:08.147678+00:00 | GitLab Importer | Affected by | VCID-d6fc-w1wu-ckc1 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pytorch-lightning/CVE-2024-8019.yml | 38.6.0 |
| 2026-06-06T05:42:47.741541+00:00 | GitLab Importer | Fixing | VCID-3hhe-9pgj-ryfs | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pytorch-lightning/CVE-2024-8020.yml | 38.6.0 |