Lightning AI PyTorch Lightning Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in Lightning AI PyTorch Lightning version 2.3.2. The issue arises when an attacker sends an unexpected POST request to the '/api/v1/state' endpoint of 'LightningApp'. This vulnerability is caused by improper management of unexpected state values, leading to a server shutdown.

Impact

Exploitation of this vulnerability causes the server to shut down, leading to a denial-of-service condition.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

2.5

exploitability

6.0

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

2.5

exploitability

6.0

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Lightning AI PyTorch Lightning Denial-of-Service Vulnerability

Vulnerability

Impact

Affected Products

lightning-ai/pytorch-lightning

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating