Open mend-bolt-for-github[bot] opened 4 weeks ago
Tensors and Dynamic neural networks in Python with strong GPU acceleration
Library home page: https://files.pythonhosted.org/packages/cc/df/5204a13a7a973c23c7ade615bafb1a3112b5d0ec258d8390f078fa4ab0f7/torch-2.4.1-cp312-cp312-manylinux1_x86_64.whl
Path to dependency file: /src/project/ai-rag-llm/ollama-repo-changes/requirements.txt
Path to vulnerable library: /tmp/ws-ua_20241123173544_ZRDILV/python_ACKMZH/202411231737521/env/lib/python3.8/site-packages/torch-2.4.1.dist-info
Dependency Hierarchy: - :x: **torch-2.4.1-cp312-cp312-manylinux1_x86_64.whl** (Vulnerable Library)
Found in HEAD commit: 92e57f9e81da15812523bf929f8ad33bdae5e967
Found in base branch: main
In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing.
Publish Date: 2024-10-29
URL: CVE-2024-48063
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2024-48063
Release Date: 2024-10-29
Fix Resolution: 2.5.0
Step up your Open Source Security Game with Mend here
CVE-2024-48063 - Critical Severity Vulnerability
Tensors and Dynamic neural networks in Python with strong GPU acceleration
Library home page: https://files.pythonhosted.org/packages/cc/df/5204a13a7a973c23c7ade615bafb1a3112b5d0ec258d8390f078fa4ab0f7/torch-2.4.1-cp312-cp312-manylinux1_x86_64.whl
Path to dependency file: /src/project/ai-rag-llm/ollama-repo-changes/requirements.txt
Path to vulnerable library: /tmp/ws-ua_20241123173544_ZRDILV/python_ACKMZH/202411231737521/env/lib/python3.8/site-packages/torch-2.4.1.dist-info
Dependency Hierarchy: - :x: **torch-2.4.1-cp312-cp312-manylinux1_x86_64.whl** (Vulnerable Library)
Found in HEAD commit: 92e57f9e81da15812523bf929f8ad33bdae5e967
Found in base branch: main
In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing.
Publish Date: 2024-10-29
URL: CVE-2024-48063
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2024-48063
Release Date: 2024-10-29
Fix Resolution: 2.5.0
Step up your Open Source Security Game with Mend here