logo

Database

Asymmetric denial of service In pytorch-lightning

Description

PyTorch Lightning denial of service vulnerability A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the /api/v1/state endpoint of LightningApp. This issue occurs due to improper handling of unexpected state values, which results in the server shutting down.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2024-80202. NVD-2024-80203. OSV-2024-80204. GCVE-2024-8020

References

1. https://huntr.com/bounties/8b642a78-2b80-4fb0-9b2f-8ba0ff37db6a

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.