CVE-2024-8019

Name of the Vulnerable Software and Affected Versions lightning-ai/pytorch-lightning version 2.3.2

Description A vulnerability exists in the LightningApp when running on a Windows host. The vulnerability occurs at the /api/v1/upload file/ endpoint, allowing an attacker to write or overwrite arbitrary files by providing a crafted filename. This can lead to potential remote code execution (RCE) by overwriting critical files or placing malicious files in sensitive locations.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.