{"vulnerability": "CVE-2024-8019", "sightings": [{"uuid": "e5de107c-5a67-4da5-a73e-9cae1194b4e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-8019", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8277", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-8019\n\ud83d\udd25 CVSS Score: 9.1 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)\n\ud83d\udd39 Description: In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the `LightningApp` when running on a Windows host. The vulnerability occurs at the `/api/v1/upload_file/` endpoint, allowing an attacker to write or overwrite arbitrary files by providing a crafted filename. This can lead to potential remote code execution (RCE) by overwriting critical files or placing malicious files in sensitive locations.\n\ud83d\udccf Published: 2025-03-20T10:08:48.918Z\n\ud83d\udccf Modified: 2025-03-20T19:02:39.949Z\n\ud83d\udd17 References:\n1. https://huntr.com/bounties/2754298b-5af5-48ef-8b38-999093ddf2bd\n2. https://github.com/lightning-ai/pytorch-lightning/commit/330af381de88cff17515418a341cbc1f9f127f9a", "creation_timestamp": "2025-03-20T19:18:43.000000Z"}, {"uuid": "6a28f1fc-5b23-4b52-9c4d-54ef62aee423", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-8019", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lksmhomiqy22", "content": "", "creation_timestamp": "2025-03-20T11:40:38.676518Z"}]}