PT-2022-13468 · Pypi · Pytorch-Lightning

Published: 2022-03-05 · Updated: 2024-10-09 · CVE-2022-0845

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

PyTorch Lightning versions prior to 1.6.0

Description

The issue allows for code injection, potentially enabling an attacker to execute commands on the target operating system. This can be achieved by setting the PL_TRAINER_GPUS variable when using the Trainer module.

Recommendations

For versions prior to 1.6.0, update to version 1.6.0 to resolve the issue. As a temporary workaround, consider restricting the use of the Trainer module or avoiding the setting of the PL_TRAINER_GPUS variable until the update is applied.

Exploit

Fix

Weakness Enumeration

Code Injection

Related Identifiers

CVE-2022-0845
GHSA-R5QJ-CVF9-P85H
PYSEC-2022-181

Affected Products

Pytorch-Lightning