A remote code execution (RCE) vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the `deepdiff` library. The library uses `deepdiff.Delta` objects to modify application state based on frontend actions. However, it is possible to bypass the intended restrictions on modifying dunder attributes, allowing an attacker to construct a serialized delta that passes the deserializer whitelist and contains dunder attributes. When processed, this can be exploited to access other modules, classes, and instances, leading to arbitrary attribute write and total RCE on any self-hosted pytorch-lightning application in its default configuration, as the delta endpoint is enabled by default.
The library uses `deepdiff.Delta` objects to modify application state based on actions from the frontend. The deserialization mechanism has a whitelist intended to restrict allowed operations; however, it is possible to bypass it by crafting a serialized delta object containing dunder attributes (e.g., `__class__`, `__module__`). The `deepdiff` library improperly manages such attributes, allowing an attacker to access other modules, classes, and object instances. As a result, arbitrary attribute writing and full RCE are possible, and the endpoint handling delta is enabled by default in every installation.
An attacker can remotely execute arbitrary code on the server without any authentication, leading to complete takeover of the application — loss of confidentiality, integrity, and system availability.
A patch available in the vendor's repository should be applied (commit 330af381de88cff17515418a341cbc1f9f127f9a on GitHub). Until an update is applied, it is recommended to disable or restrict network access to the delta endpoint (e.g., through a firewall or reverse proxy configuration).
lightning-ai/pytorch-lightning version 2.2.1 — all self-hosted applications in default configuration (delta endpoint enabled by default)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HLightningai Pytorch Lightning
APPLightningai< 2.3.3
Related vulnerabilities
PyTorch Lightning – mechanizm harvesting poświadczeń (Embedded Malicious Code)
RCE przez upload pliku w PyTorch Lightning (Windows) – CVE-2024-8019
Path Traversal w PyTorch Lightning umożliwiający RCE przez złośliwy plugin
Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0.
PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability (CWE-502) in th...