Critical
CVSS 9.8
Overview
In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing.
CVE-2024-48063
In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disp...
Risk analysis
This vulnerability is rated 🔴 CRITICAL.
- CVSS: 9.8 (CRITICAL)
- Detected tags: deserialization (tag impact: MODERATE)
Recommended actions:
- Avoid untrusted deserialization; prefer safe formats (JSON) and signatures.