Code Injection in PyTorch Lightning
Critical severity
GitHub Reviewed
Published
Mar 6, 2022
to the GitHub Advisory Database
•
Updated Sep 7, 2023
Description
Published by the National Vulnerability Database
Mar 5, 2022
Published to the GitHub Advisory Database
Mar 6, 2022
Reviewed
Mar 7, 2022
Last updated
Sep 7, 2023
PyTorch Lightning version 1.5.10 and prior is vulnerable to code injection. An attacker could execute commands on the target OS running the operating system by setting the
PL_TRAINER_GPUS
when using theTrainer
module. A patch is included in the1.6.0
release.References