Denial of Service Vulnerability in LightningApp by Lightning AI
CVE-2024-8020

7.5HIGH

Key Information:

Vendor: Lightning-ai
Status: Lightning-ai/pytorch-lightning
Vendor: CVE Published:; 20 March 2025

🔔 Create Lightning-ai Vulnerability Alert

What is CVE-2024-8020?

A vulnerability exists in the LightningApp component of Lightning AI's pytorch-lightning version 2.3.2, which can be exploited by sending an unexpected POST request to the /api/v1/state endpoint. This flaw arises from the inadequate handling of unexpected state values, leading to potential server downtime. It is crucial for users to apply remediation steps to secure their applications against this exploit and maintain system stability.

Affected Version(s)

lightning-ai/pytorch-lightning <= unspecified

References

https://huntr.com/bounties/8b642a78-2b80-4fb0-9b2f-8ba0ff...

CVSS V3.0

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 20, 2025
Vulnerability Reserved
Aug 20, 2024

CVE-2024-8020 Data

JSON