Safety vulnerability ID: 72092
The information on this page was manually curated by our Cybersecurity Intelligence Team.
A vulnerability in the /v1/runs API endpoint of affected versions of lightning-ai/pytorch-lightning allows attackers to exploit path traversal during the extraction of tar.gz files. When LightningApp is running with the plugin_server, attackers can deploy malicious tar.gz plugins containing files whose paths traverse outside the extraction directory. This can result in arbitrary files being written to any directory in the victim's local file system, potentially leading to remote code execution.
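A defensive extraction routine for the flaw class described above, as an added example that is not pytorch-lightning's code or its fix: it validates every member of a tar.gz before writing anything and rejects entries that resolve outside the target directory. The names `safe_extract`, `build_sample_archive` and `UnsafeArchiveError`, and the in-memory sample archives, are hypothetical and constructed for illustration.

```python
import io
import os
import tarfile


class UnsafeArchiveError(Exception):
    """An archive member would be written outside the target directory."""


def build_sample_archive(member_names):
    """Build a constructed tar.gz in memory (sample input for the check below)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name in member_names:
            data = b"constructed sample content\n"
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def safe_extract(archive_bytes, dest_dir):
    """Extract a tar.gz, refusing any member that resolves outside dest_dir."""
    root = os.path.realpath(dest_dir)
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:gz") as tar:
        # Use the standard library's "data" filter where the runtime provides it.
        if hasattr(tarfile, "data_filter"):
            tar.extraction_filter = tarfile.data_filter
        members = tar.getmembers()
        for m in members:
            # Accept only plain files and directories; links and devices
            # can redirect later writes, so they are rejected outright.
            if not (m.isfile() or m.isdir()):
                raise UnsafeArchiveError(f"unsupported member type: {m.name!r}")
            # Resolve "..", absolute names and symlinked parents before comparing.
            target = os.path.realpath(os.path.join(root, m.name))
            if os.path.commonpath([root, target]) != root:
                raise UnsafeArchiveError(f"member escapes target: {m.name!r}")
        # Everything was validated first, so a bad archive writes nothing at all.
        for m in members:
            tar.extract(m, root)
    return sorted(m.name for m in members)
```

Validating the whole member list before the first write matters here: an archive that mixes benign entries with one traversal entry is rejected without leaving partial content on disk.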
Latest version: 2.4.0
The Deep Learning framework to train, deploy, and ship AI products Lightning fast.