[Git][security-tracker-team/security-tracker][master] pytorch non issue

Fri, 21 Mar 2025 00:33:31 -0700 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5383bf13 by Moritz Muehlenhoff at 2025-03-21T08:32:16+01:00
pytorch non issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -340,7 +340,10 @@ CVE-2024-7819 (A CORS misconfiguration in 
danswer-ai/danswer v1.4.1 allows attac
 CVE-2024-7806 (A vulnerability in open-webui/open-webui versions <= 0.3.8 
allows remo ...)
        NOT-FOR-US: open-webui/open-webui
 CVE-2024-7804 (A deserialization vulnerability exists in the Pytorch RPC 
framework (t ...)
-       TODO: check
+       NOTE: https://huntr.com/bounties/0e870eeb-f924-4054-8fac-d926b1fb7259
+       NOTE: Non issue as only documented to be used for internal 
communication:
+       NOTE: 
https://github.com/pytorch/pytorch/security/policy#using-distributed-features
+       NOTE: should probably be rejected, similar as CVE-2024-5480 got rejected
 CVE-2024-7779 (A vulnerability in danswer-ai/danswer version 1 allows an 
attacker to  ...)
        NOT-FOR-US: danswer-ai/danswer
 CVE-2024-7776 (A vulnerability in the `download_model` function of the 
onnx/onnx fram ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5383bf13894760d0a0d74ca64861a077adffcb5f

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5383bf13894760d0a0d74ca64861a077adffcb5f
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to