CVE-2024-8020

{"id": "CVE-2024-8020", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-03-20T10:15:39.137", "references": [{"url": "https://huntr.com/bounties/8b642a78-2b80-4fb0-9b2f-8ba0ff37db6a", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-248"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the `/api/v1/state` endpoint of `LightningApp`. This issue occurs due to improper handling of unexpected state values, which results in the server shutting down."}, {"lang": "es", "value": "Una vulnerabilidad en lightning-ai/pytorch-lightning versi\u00f3n 2.3.2 permite a un atacante provocar una denegaci\u00f3n de servicio mediante el env\u00edo de una solicitud POST inesperada al endpoint `/api/v1/state` de `LightningApp`. Este problema se produce debido a la gesti\u00f3n incorrecta de valores de estado inesperados, lo que provoca el apagado del servidor."}], "lastModified": "2025-10-15T13:15:53.443", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lightningai:pytorch_lightning:2.3.2:*:*:*:*:python:*:*", "vulnerable": true, "matchCriteriaId": "9DAFEB66-8316-421A-A6DC-9BF552A7AB6B"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}