We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-48063



Assignermitre
Reserved2024-10-08
Published2024-10-29
Updated2024-11-01

Description

In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing.

References

https://rumbling-slice-eb0.notion.site/Distributed-RPC-Framework-RemoteModule-has-Deserialization-RCE-in-pytorch-pytorch-111e3cda9e8c8021a7d3cbc61ee1a20c

https://gist.github.com/hexian2001/c046c066895a963ecc0a2cf9e1180065

https://github.com/pytorch/pytorch/issues/129228

https://github.com/pytorch/pytorch/security/policy#using-distributed-features

cve.org CVE-2024-48063

nvd.nist.gov CVE-2024-48063

Download JSON

Share this page
https://cve.threatint.com
Subscribe to our newsletter to learn more about our work.