FLAT-EQN32 – Vulnerability | Fluid Attacks Database

Database

Description

pytorch-lightning is vulnerable to Deserialization of Untrusted Data pytorch-lightning is vulnerable to Deserialization of Untrusted Data.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
pypi	pytorch-lightning	>=0 <1.6.0	1.6.0

Aliases

1. CVE-2021-41182. NVD-2021-41183. OSV-2021-41184. GHSA-2vj5-px25-gjrp5. GCVE-2021-4118

References

1. https://github.com/PyTorchLightning/pytorch-lightning/issues/110452. https://github.com/PyTorchLightning/pytorch-lightning/pull/110993. https://github.com/pytorchlightning/pytorch-lightning/commit/62f1e82e032eb16565e676d39e0db0cac7e34ace4. https://github.com/PyTorchLightning/pytorch-lightning/releases/tag/1.6.05. https://github.com/pypa/advisory-database/tree/main/vulns/pytorch-lightning/PYSEC-2021-874.yaml6. https://huntr.dev/bounties/31832f0c-e5bb-4552-a12c-542f81f111e6

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.