[Git][security-tracker-team/security-tracker][master] pytorch non issue

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5383bf13 by Moritz Muehlenhoff at 2025-03-21T08:32:16+01:00
pytorch non issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -340,7 +340,10 @@ CVE-2024-7819 (A CORS misconfiguration in danswer-ai/danswer v1.4.1 allows attac
 CVE-2024-7806 (A vulnerability in open-webui/open-webui versions <= 0.3.8 allows remo ...)
 	NOT-FOR-US: open-webui/open-webui
 CVE-2024-7804 (A deserialization vulnerability exists in the Pytorch RPC framework (t ...)
-	TODO: check
+	NOTE: https://huntr.com/bounties/0e870eeb-f924-4054-8fac-d926b1fb7259
+	NOTE: Non issue as only documented to be used for internal communication:
+	NOTE: https://github.com/pytorch/pytorch/security/policy#using-distributed-features
+	NOTE: should probably be rejected, similar as CVE-2024-5480 got rejected
 CVE-2024-7779 (A vulnerability in danswer-ai/danswer version 1 allows an attacker to  ...)
 	NOT-FOR-US: danswer-ai/danswer
 CVE-2024-7776 (A vulnerability in the `download_model` function of the onnx/onnx fram ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5383bf13894760d0a0d74ca64861a077adffcb5f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5383bf13894760d0a0d74ca64861a077adffcb5f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250321/9fc3d18a/attachment.htm>