Pytorch Lightning
CVE-2022-0845
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1Blast Radius
ecosystem impact- 6 pypi packages depend on pytorch-lightning (6 direct, 0 indirect)
Ecosystem-wide dependent count for version 1.6.0.
DescriptionNVD
Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0.
AnalysisAI
Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified as Code Injection (CWE-94), which allows attackers to inject and execute arbitrary code within the application. Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0. Affected products include: Lightningai Pytorch Lightning. Version information: prior to 1.6.0..
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Never evaluate user-controlled input as code. Use sandboxing, disable dangerous functions, apply strict input validation.
More in Pytorch Lightning
View allA vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-lightning v2.2.4 allows attackers to exploit path t
A remote code execution (RCE) vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to im
Remote code execution in PyTorch Lightning through 2.6.5 allows an attacker who can get a victim to load a malicious che
pytorch-lightning is vulnerable to Deserialization of Untrusted Data. Rated high severity (CVSS 7.8), this vulnerability
A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sendi
In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the `LightningApp` when running on a Windows
Same weakness CWE-94 – Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today