Linuxfoundation: >> Pytorch >> 2.4.0 Security Vulnerabilities
PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with weights_only=True. This issue has been patched in version 2.6.0.
CVSS Score
9.8
EPSS Score
0.003
Published
2025-04-18
In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing.
CVSS Score
9.8
EPSS Score
0.119
Published
2024-10-29