adding CVE-2024-48063 for pytorch training neuronx 2.1.2 (#5148)

* adding CVE-2024-48063 for pytorch training neuronx 2.1.2

* Update ['dlc_developer_config.toml']

dlc_developer_config.toml:
{   'build': {   'build_frameworks': ['huggingface_pytorch'],
                 'build_inference': False,
                 'build_training': True},
    'buildspec_override': {   'dlc-pr-huggingface-pytorch-neuronx-training': 'huggingface/pytorch/training/buildspec-neuronx.yml'},
    'dev': {   'arm64_mode': False,
               'deep_canary_mode': False,
               'graviton_mode': False,
               'neuronx_mode': True},
    'test': {   'ec2_tests': False,
                'ecs_tests': False,
                'eks_tests': False,
                'sagemaker_local_tests': False,
                'sagemaker_remote_tests': False,
                'sanity_tests': True,
                'security_tests': False}}

* revert dlc_developer_config.toml

Author: bnpaws

huggingface/pytorch/training/docker/2.1/py3/sdk2.20.0/Dockerfile.neuronx.os_scan_allowlist.json

@@ -1907,5 +1907,36 @@
          "title":"CVE-2024-7348 - postgresql-12",
          "reason_to_ignore":"N/A"
       }
-    ]
-}
+    ],
+    "torch": [
+      {
+         "description": "In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing.",
+         "vulnerability_id": "CVE-2024-48063",
+         "name": "CVE-2024-48063",
+         "package_name": "torch",
+         "package_details": {
+         "file_path": "/opt/conda/lib/python3.11/site-packages/torch-2.4.0+cu124.dist-info/METADATA",
+         "name": "torch",
+         "package_manager": "PYTHON",
+         "version": "2.4.0+cu124",
+         "release": null
+         },
+         "remediation": {
+         "recommendation": {
+            "text": "None Provided"
+         }
+         },
+         "cvss_v3_score": 9.8,
+         "cvss_v30_score": 0.0,
+         "cvss_v31_score": 9.8,
+         "cvss_v2_score": 0.0,
+         "cvss_v3_severity": "CRITICAL",
+         "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48063",
+         "source": "NVD",
+         "severity": "CRITICAL",
+         "status": "ACTIVE",
+         "title": "CVE-2024-48063 - torch",
+         "reason_to_ignore": "this container is specifically pytorch 2.4.x so we cant upgrade to later minor versions"
+      }
+   ]
+}