CVE-2024-5980
Published: 27 June 2024
Summary
CVE-2024-5980 is a critical-severity Path Traversal (CWE-22) vulnerability in Lightningai Pytorch Lightning. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 6.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Deep Learning Frameworks; in the Supply Chain and Deployment risk domain; MITRE ATLAS techniques in scope: AI Supply Chain Compromise (AML.T0010), Exfiltration via AI Inference API (AML.T0024), AI Model Inference API Access (AML.T0040).
Deeper analysis
A path traversal vulnerability exists in the /v1/runs API endpoint of lightning-ai/pytorch-lightning version 2.2.4. When the LightningApp runs with the plugin_server enabled, the endpoint processes tar.gz plugin uploads without properly sanitizing embedded paths during extraction. This flaw, tracked as CWE-22, permits writes to arbitrary locations on the host filesystem and carries a CVSS 3.1 score of 9.8.
An unauthenticated remote attacker can upload a crafted tar.gz archive containing files that use “..” sequences. Successful exploitation results in arbitrary file placement, which can be leveraged to achieve remote code execution on the victim system.
A fix is available in the referenced commit that addresses unsafe path handling during tar extraction. The issue was disclosed through a public huntr bounty report that includes reproduction details and the patch location. The associated EPSS score has remained at 0.1073 with no material increase since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-2112
Vulnerability details
A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-lightning v2.2.4 allows attackers to exploit path traversal when extracting tar.gz files. When the LightningApp is running with the plugin_server, attackers can deploy malicious tar.gz plugins that embed arbitrary files with path…
more
traversal vulnerabilities. This can result in arbitrary files being written to any directory in the victim's local file system, potentially leading to remote code execution.
- CWE(s)
AI Security AnalysisAI
- AI Category
- Deep Learning Frameworks
- Risk Domain
- Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- The vulnerability affects lightning-ai/pytorch-lightning v2.2.4, a popular wrapper library for PyTorch, which is a deep learning framework used for training and managing deep learning models.
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Path traversal in tar.gz extraction via public /v1/runs API endpoint (T1190: Exploit Public-Facing Application) enables uploading and placing arbitrary files anywhere on the filesystem (T1105: Ingress Tool Transfer), potentially leading to RCE.
MITRE ATLAS TechniquesAI
MITRE ATLAS techniques
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Validates pathnames and filenames to prevent traversal outside intended directories.