AI Threat Alert
Published March 5, 2022
Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to...
Full analysis pending. Showing NVD description excerpt.
Affected Systems
| Package | Ecosystem | Vulnerable Range | Patched |
|---|---|---|---|
| pytorch-lightning | pip | < 1.6.0 | 1.6.0 |
| pytorch_lightning | pip | — | No patch |
Severity & Risk
CVSS 3.1
9.8 / 10
EPSS
0.3%
chance of exploitation in 30 days
KEV Status
Not in KEV
Sophistication
N/A
Recommended Action
Patch available
Update pytorch-lightning to version 1.6.0
Compliance Impact
Compliance analysis pending. Sign in for full compliance mapping when available.
Technical Details
NVD Description
Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0.
Weaknesses (CWE)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References
- github.com/pytorchlightning/pytorch-lightning/commit/8b7a12c52e52a06408e9231647839ddb4665e8ae Patch 3rd Party
- huntr.dev/bounties/a795bf93-c91e-4c79-aae8-f7d8bda92e2a Exploit Issue Patch 3rd Party
- github.com/PyTorchLightning/pytorch-lightning/pull/12212
- github.com/advisories/GHSA-r5qj-cvf9-p85h
- github.com/pypa/advisory-database/tree/main/vulns/pytorch-lightning/PYSEC-2022-181.yaml
- github.com/pytorchlightning/pytorch-lightning/commit/8b7a12c52e52a06408e9231647839ddb4665e8ae
- huntr.dev/bounties/a795bf93-c91e-4c79-aae8-f7d8bda92e2a
- nvd.nist.gov/vuln/detail/CVE-2022-0845
- github.com/pytorchlightning/pytorch-lightning/commit/8b7a12c52e52a06408e9231647839ddb4665e8ae Patch 3rd Party
- huntr.dev/bounties/a795bf93-c91e-4c79-aae8-f7d8bda92e2a Exploit Issue Patch 3rd Party
Timeline
Published
March 5, 2022
Last Modified
November 21, 2024
First Seen
March 5, 2022