GHSA-r5qj-cvf9-p85h
Suggest an improvement- Source
- https://github.com/advisories/GHSA-r5qj-cvf9-p85h
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-r5qj-cvf9-p85h/GHSA-r5qj-cvf9-p85h.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-r5qj-cvf9-p85h
- Aliases
- Published
- 2022-03-06T00:00:16Z
- Modified
- 2024-10-25T21:00:51.992441Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- 9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Code Injection in PyTorch Lightning
- Details
-
PyTorch Lightning version 1.5.10 and prior is vulnerable to code injection. An attacker could execute commands on the target OS running the operating system by setting the
PL_TRAINER_GPUSwhen using theTrainermodule. A patch is included in the1.6.0release. - Database specific
{ "nvd_published_at": "2022-03-05T22:15:00Z", "cwe_ids": [ "CWE-94" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2022-03-07T19:58:34Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2022-0845
- https://github.com/PyTorchLightning/pytorch-lightning/pull/12212
- https://github.com/pytorchlightning/pytorch-lightning/commit/8b7a12c52e52a06408e9231647839ddb4665e8ae
- https://github.com/advisories/GHSA-r5qj-cvf9-p85h
- https://github.com/pypa/advisory-database/tree/main/vulns/pytorch-lightning/PYSEC-2022-181.yaml
- https://github.com/pytorchlightning/pytorch-lightning
- https://huntr.dev/bounties/a795bf93-c91e-4c79-aae8-f7d8bda92e2a
Affected packages
PyPI / pytorch-lightning
Package
- Name
- pytorch-lightning
- View open source insights on deps.dev
- Purl
- pkg:pypi/pytorch-lightning
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.6.0
Affected versions
0.*
0.0.2
0.2
0.2.2
0.2.3
0.2.4
0.2.4.1
0.2.5
0.2.5.1
0.2.5.2
0.2.6
0.3
0.3.1
0.3.2
0.3.3
0.3.4
0.3.4.1
0.3.5
0.3.6
0.3.6.1
0.3.6.3
0.3.6.4
0.3.6.5
0.3.6.6
0.3.6.7
0.3.6.8
0.3.6.9
0.4.0
0.4.1
0.4.2
0.4.3
0.4.4
0.4.5
0.4.6
0.4.7
0.4.8
0.4.9
0.5.0
0.5.1
0.5.1.2
0.5.1.3
0.5.2
0.5.2.1
0.5.3
0.5.3.1
0.5.3.2
0.5.3.3
0.6.0
0.7.1
0.7.3
0.7.5
0.7.6
0.8.1
0.8.3
0.8.4
0.8.5
0.9.0
0.10.0
1.*
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7
1.1.8
1.2.0rc0
1.2.0rc1
1.2.0rc2
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.2.8
1.2.9
1.2.10
1.3.0rc1
1.3.0rc2
1.3.0rc3
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.3.7
1.3.7.post0
1.3.8
1.4.0rc0
1.4.0rc1
1.4.0rc2
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.4.7
1.4.8
1.4.9
1.5.0rc0
1.5.0rc1
1.5.0
1.5.1
1.5.2
1.5.3
1.5.4
1.5.5
1.5.6
1.5.7
1.5.8
1.5.9
1.5.10
1.6.0rc0
1.6.0rc1