Vulnerability CVE-2022-0845


Published: 2022-03-05

Description:
Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0.

Type:

CWE-94

(Improper Control of Generation of Code ('Code Injection'))

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Pytorchlightning -> Pytorch lightning 

 References:
https://huntr.dev/bounties/a795bf93-c91e-4c79-aae8-f7d8bda92e2a
https://github.com/pytorchlightning/pytorch-lightning/commit/8b7a12c52e52a06408e9231647839ddb4665e8ae

Copyright 2024, cxsecurity.com

 

Back to Top