CVE-2024-48063

Published: Oct 29, 2024

Modified: Jan 9, 2025

PUBLISHED

Description

In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://rumbling-slice-eb0.notion.site/Distributed-RPC-Framework-RemoteModule-has-Deserialization-RCE-in-pytorch-pytorch-111e3cda9e8c8021a7d3cbc61ee1a20c

https://gist.github.com/hexian2001/c046c066895a963ecc0a2cf9e1180065

https://github.com/pytorch/pytorch/issues/129228

https://github.com/pytorch/pytorch/security/policy#using-distributed-features

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-48063

Description

Affected Products

References