Description

In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing.

INFO

Published Date :

2024-10-29T00:00:00.000Z

Last Modified :

2025-01-09T17:22:47.091Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2024-48063 vulnerability.

Vendors Products
Linuxfoundation
  • Pytorch
Pytorch
  • Pytorch
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-48063.

URL Resource
https://gist.github.com/hexian2001/c046c066895a963ecc0a2cf9e1180065 cve-icon cve-icon
https://github.com/pytorch/pytorch/issues/129228 cve-icon cve-icon
https://github.com/pytorch/pytorch/security/policy#using-distributed-features cve-icon cve-icon
https://rumbling-slice-eb0.notion.site/Distributed-RPC-Framework-RemoteModule-has-Deserialization-RCE-in-pytorch-pytorch-111e3cda9e8c8021a7d3cbc61ee1a20c cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact