
exploitDog

CVE-2024-48063

Published: 29 Oct 2024
Source: debian
EPSS: Medium

Description

In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing.

Packages

| Package | Status | Fix version | Release | Type |
|---|---|---|---|---|
| pytorch | unfixed | | | package |

Notes

  • https://rumbling-slice-eb0.notion.site/Distributed-RPC-Framework-RemoteModule-has-Deserialization-RCE-in-pytorch-pytorch-111e3cda9e8c8021a7d3cbc61ee1a20c

  • Non issue as only documented to be used for internal communication:

  • https://github.com/pytorch/pytorch/security/policy#using-distributed-features

  • should probably be rejected, similar as CVE-2024-5480 got rejected, MITRE contacted

EPSS

Percentile: 95%
0.18488
Medium

Related vulnerabilities

CVSS3: 9.8
ubuntu
more than 1 year ago

In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing.

CVSS3: 9.8
nvd
more than 1 year ago

In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing.

CVSS3: 9.8
github
more than 1 year ago

In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE.
