Security Advisory

CVE-2024-8019

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-03-20 10:08:48

Last updated 2025-03-20 19:02:39

Assigner @huntr_ai

State PUBLISHED

Description

In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the `LightningApp` when running on a Windows host. The vulnerability occurs at the `/api/v1/upload_file/` endpoint, allowing an attacker to write or overwrite arbitrary files by providing a crafted filename. This can lead to potential remote code execution (RCE) by overwriting critical files or placing malicious files in sensitive locations.

← Browse all CVEs View on cve.org ↗