Pytorch.Lightning.Deserialization
Description
There is an untrusted YAML deserialization vulnerability in the PyTorchLightning GitHub repository. PyTorchLightning's saving.py (core.saving.load_hparams_from_yaml) calls "yaml.UnsafeLoader" from the pyyaml Python library, which is not a secure method.
Because of that, a maliciously crafted YAML config file can cause code execution on the victim's machine.
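One way to audit a code base for the call pattern described above, as an added example (not code from PyTorch Lightning or from this advisory). The sample source and its function names are constructed; the check goes beyond the single case named here by also flagging yaml.Loader, yaml.unsafe_load and yaml.load calls that pass no Loader.

```python
import ast

# PyYAML loaders / helpers that can construct arbitrary Python objects.
UNSAFE_LOADERS = {"UnsafeLoader", "Loader"}
UNSAFE_FUNCS = {"unsafe_load", "unsafe_load_all"}

# Constructed sample source, not PyTorch Lightning code.
SAMPLE = '''\
import yaml
def load_hparams(path):
    with open(path) as fp:
        return yaml.load(fp, Loader=yaml.UnsafeLoader)
def load_hparams_fixed(path):
    with open(path) as fp:
        return yaml.safe_load(fp)
'''


def find_unsafe_yaml_loads(source):
    """Return sorted (line, reason) tuples for risky PyYAML load calls."""
    tree = ast.parse(source)
    # Names the yaml module is bound to: "import yaml", "import yaml as y".
    aliases = {a.asname or a.name
               for n in ast.walk(tree) if isinstance(n, ast.Import)
               for a in n.names if a.name == "yaml"}
    findings = []
    for node in ast.walk(tree):
        f = getattr(node, "func", None)
        if not (isinstance(node, ast.Call) and isinstance(f, ast.Attribute)
                and isinstance(f.value, ast.Name) and f.value.id in aliases):
            continue
        if f.attr in UNSAFE_FUNCS:
            findings.append((node.lineno, f"yaml.{f.attr}()"))
        elif f.attr in ("load", "load_all"):
            # Loader is passed by keyword or as the second positional argument.
            loader = next((k.value for k in node.keywords if k.arg == "Loader"),
                          node.args[1] if len(node.args) > 1 else None)
            name = getattr(loader, "attr", getattr(loader, "id", None))
            if loader is None:
                findings.append((node.lineno, "no explicit Loader"))
            elif name in UNSAFE_LOADERS:
                findings.append((node.lineno, f"Loader={name}"))
    return sorted(findings)


if __name__ == "__main__":
    for line, reason in find_unsafe_yaml_loads(SAMPLE):
        print(f"line {line}: {reason}")
```

The scan only follows `import yaml` style bindings, so names brought in with `from yaml import load` need a separate check.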
Affected Products
PyYAML<=5.3
Impact
A maliciously crafted YAML config file can cause code execution on the victim's machine.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
Version Updates
Date | Version | Detail |
---|---|---|
2022-08-15 | 0.00326 |