High severityNVD Advisory· Published Mar 20, 2025· Updated Oct 15, 2025

Denial of Service in lightning-ai/pytorch-lightning

CVE-2024-8020

Description

A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the /api/v1/state endpoint of LightningApp. This issue occurs due to improper handling of unexpected state values, which results in the server shutting down.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
pytorch-lightningPyPI	<= 2.3.2	—

Affected products

Light/Lightning AI/pytorch Lightningv5
Range: unspecified

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-98fp-7v67-4v3qghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-8020ghsaADVISORY
huntr.com/bounties/8b642a78-2b80-4fb0-9b2f-8ba0ff37db6aghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000