CVE-2024-5452
Published: 06 June 2024
Summary
CVE-2024-5452 is a critical-severity Improperly Controlled Modification of Dynamically-Determined Object Attributes (CWE-915) vulnerability in Lightningai Pytorch Lightning. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 2.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Deep Learning Frameworks; in the Other ATLAS/OWASP Terms risk domain; MITRE ATLAS techniques in scope: AI Supply Chain Compromise (AML.T0010), Obtain Capabilities (AML.T0016), Exfiltration via AI Inference API (AML.T0024).
Deeper analysis
A remote code execution vulnerability affects the lightning-ai/pytorch-lightning library in version 2.2.1. It stems from unsafe deserialization of user-supplied input passed to deepdiff.Delta objects, which the application uses to apply frontend-driven state changes. The deepdiff library's handling of dunder attributes can be bypassed, allowing a crafted serialized delta to evade the intended whitelist and grant arbitrary attribute writes that lead to full code execution.
Unauthenticated remote attackers can exploit the flaw by sending a malicious delta payload to the delta endpoint, which is enabled by default in self-hosted deployments. Successful exploitation grants complete control over the application process, including access to other modules and instances, without requiring authentication or user interaction.
A fix was merged in commit 330af381de88cff17515418a341cbc1f9f127f9a. Public details of the issue and proof-of-concept are available in the referenced huntr.dev bounty report.
The affected component is widely used in machine-learning workflows. EPSS scores climbed from lower values to a peak of 0.6262, indicating that exploitation interest emerged after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-2023
Vulnerability details
A remote code execution (RCE) vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the `deepdiff` library. The library uses `deepdiff.Delta` objects to modify application state based…
more
on frontend actions. However, it is possible to bypass the intended restrictions on modifying dunder attributes, allowing an attacker to construct a serialized delta that passes the deserializer whitelist and contains dunder attributes. When processed, this can be exploited to access other modules, classes, and instances, leading to arbitrary attribute write and total RCE on any self-hosted pytorch-lightning application in its default configuration, as the delta endpoint is enabled by default.
- CWE(s)
AI Security AnalysisAI
- AI Category
- Deep Learning Frameworks
- Risk Domain
- Other ATLAS/OWASP Terms
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- PyTorch Lightning (lightning-ai/pytorch-lightning) is a high-level deep learning framework built on PyTorch, simplifying training and deployment of deep learning models.
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The RCE vulnerability in the pytorch-lightning library's default delta endpoint allows attackers to exploit a public-facing web application via crafted deserialized input, enabling arbitrary code execution.
MITRE ATLAS TechniquesAI
MITRE ATLAS techniques
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Requiring explicit authorization and ongoing control of mobile code implements proper management of dynamically loaded code resources.