Critical severityNVD Advisory· Published Mar 20, 2025· Updated Mar 20, 2025
Arbitrary File Write/Overwrite in lightning-ai/pytorch-lightning
CVE-2024-8019
Description
In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the LightningApp when running on a Windows host. The vulnerability occurs at the /api/v1/upload_file/ endpoint, allowing an attacker to write or overwrite arbitrary files by providing a crafted filename. This can lead to potential remote code execution (RCE) by overwriting critical files or placing malicious files in sensitive locations.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
pytorch-lightningPyPI | < 2.4.0 | 2.4.0 |
Affected products
3- osv-coords2 versions
< 0+ 1 more
- (no CPE)range: < 0
- (no CPE)range: < 2.4.0
- Range: unspecified
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.