Lightning vulnerability CVE-2024-8020 #20863

@cedriccuypers

Bug description

According to CVE-2024-8020, there is a high-risk vulnerability in pytorch-lightning >=2.3.2.

https://huntr.com/bounties/8b642a78-2b80-4fb0-9b2f-8ba0ff37db6a

Looking for a reply from the community on if/how/when this would be fixed.

What version are you seeing the problem on?

v2.3, v2.4, v2.5

Reproduced in studio

No response

How to reproduce the bug

Error messages and logs

# Error messages and logs here please

Environment

Current environment
#- PyTorch Lightning Version (e.g., 2.5.0):
#- PyTorch Version (e.g., 2.5):
#- Python version (e.g., 3.12):
#- OS (e.g., Linux):
#- CUDA/cuDNN version:
#- GPU models and configuration:
#- How you installed Lightning(`conda`, `pip`, source):

More info

No response
