CVE-2024-8019
⛔ criticalSummary
In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the `LightningApp` when running on a Windows host. The vulnerability occurs at the `/api/v1/upload_file/` endpoint, allowing an attacker to write or overwrite arbitrary files by providing a crafted filename. This can lead to potential remote code execution (RCE) by overwriting critical files or placing malicious files in sensitive locations.
CVSS Score
9.1
Critical
EPSS Score
1.0
Exploit Probability
Published Date
2025-03-20
First Seen: 2026-01-05
📊 Relative Risk Intelligence
This CVE is High Risk - more severe than 87.7% of all 328,009 vulnerabilities in our database.
#40,306
Top 25% most severe
Severity Percentile
🎯 CISA SSVC Assessment Updated: Mar 20, 2025
🔍 Exploitation Status
Poc
Proof-of-concept available
⚙️ Automatable
YES
Can be exploited automatically
💥 Technical Impact
Partial
Limited system impact
SSVC data provided by
CISA
Last Modified
2025-08-01
Source
NVD 🔗
CVSS Vector 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CWE IDs (Weakness Types)