Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Arbitrary File Write/Overwrite in lightning-ai/pytorch-lightning
Vulnerability Description
In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the `LightningApp` when running on a Windows host. The vulnerability occurs at the `/api/v1/upload_file/` endpoint, allowing an attacker to write or overwrite arbitrary files by providing a crafted filename. This can lead to potential remote code execution (RCE) by overwriting critical files or placing malicious files in sensitive locations.
CVSS Information
N/A
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
Pytorch-Lightning 代码问题漏洞
Vulnerability Description
Pytorch-Lightning是美国Lightning AI开源的一个开源轻量级 PyTorch 包装器。用于高性能 Ai 研究。 Pytorch-Lightning 2.3.2版本存在代码问题漏洞,该漏洞源于Windows主机上的文件上传端点,可能导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A