Vulnerability Database
Blog
FAQ
PYSEC-2021-874
Source
https://github.com/pypa/advisory-database/blob/main/vulns/pytorch-lightning/PYSEC-2021-874.yaml
Aliases
CVE-2021-4118 (
GHSA-2vj5-px25-gjrp
)
GHSA-2vj5-px25-gjrp
Published
2021-12-23T18:15:00Z
Modified
2023-05-25T05:07:00Z
Details
pytorch-lightning is vulnerable to Deserialization of Untrusted Data
References
https://github.com/pytorchlightning/pytorch-lightning/commit/62f1e82e032eb16565e676d39e0db0cac7e34ace
https://huntr.dev/bounties/31832f0c-e5bb-4552-a12c-542f81f111e6
https://github.com/advisories/GHSA-2vj5-px25-gjrp
Affected packages
PyPI
/
pytorch-lightning
pytorch-lightning
Affected ranges
Type
GIT
Events
Introduced
0
Fixed
62f1e82e032eb16565e676d39e0db0cac7e34ace
Type
ECOSYSTEM
Events
Introduced
0
Fixed
1.6.0
Affected versions
0.*
0.0.2
0.10.0
0.2
0.2.2
0.2.3
0.2.4
0.2.4.1
0.2.5
0.2.5.1
0.2.5.2
0.2.6
0.3
0.3.1
0.3.2
0.3.3
0.3.4
0.3.4.1
0.3.5
0.3.6
0.3.6.1
0.3.6.3
0.3.6.4
0.3.6.5
0.3.6.6
0.3.6.7
0.3.6.8
0.3.6.9
0.4.0
0.4.1
0.4.2
0.4.3
0.4.4
0.4.5
0.4.6
0.4.7
0.4.8
0.4.9
0.5.0
0.5.1
0.5.1.2
0.5.1.3
0.5.2
0.5.2.1
0.5.3
0.5.3.1
0.5.3.2
0.5.3.3
0.6.0
0.7.1
0.7.3
0.7.5
0.7.6
0.8.1
0.8.3
0.8.4
0.8.5
0.9.0
1.*
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7
1.1.8
1.2.0
1.2.0rc0
1.2.0rc1
1.2.0rc2
1.2.1
1.2.10
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.2.8
1.2.9
1.3.0
1.3.0rc1
1.3.0rc2
1.3.0rc3
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.3.7
1.3.7.post0
1.3.8
1.4.0
1.4.0rc0
1.4.0rc1
1.4.0rc2
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.4.7
1.4.8
1.4.9
1.5.0
1.5.0rc0
1.5.0rc1
1.5.1
1.5.10
1.5.2
1.5.3
1.5.4
1.5.5
1.5.6
1.5.7
1.5.8
1.5.9
1.6.0rc0
1.6.0rc1
PYSEC-2021-874 - OSV