CVE-2024-5980 in pytorch-lightningالمعلومات

الملخص

بحسب MITRE • 27/06/2024

A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-lightning v2.2.4 allows attackers to exploit path traversal when extracting tar.gz files. When the LightningApp is running with the plugin_server, attackers can deploy malicious tar.gz plugins that embed arbitrary files with path traversal vulnerabilities. This can result in arbitrary files being written to any directory in the victim's local file system, potentially leading to remote code execution.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

Huntr.dev

حجز

13/06/2024

إفشاء

27/06/2024

الاعتدال

تمت الموافقة

إدخال

VDB-269864

CPE

جاهز

CWE

CWE-434 (مؤكد)

CVSS

9.8 (NVD)

EPSS

0.10734

KEV

لا

النشاطات

منخفض جدًا

القطاع

Hospital, Finance, ...

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2024-5980
NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-5980
CVE Details	https://www.cvedetails.com/cve/CVE-2024-5980/

التالي ▸نظرة عامة ◂ السابق

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!