Plans to address the vulnerability CVE-2024-5452

[kacpersh]

Bug description

Are there any plans to address the vulnerability highlighted here: https://nvd.nist.gov/vuln/detail/CVE-2024-5452?

What version are you seeing the problem on?

master

How to reproduce the bug

No response

Error messages and logs

# Error messages and logs here please

Environment

Current environment

#- Lightning Component (e.g. Trainer, LightningModule, LightningApp, LightningWork, LightningFlow):
#- PyTorch Lightning Version (e.g., 1.5.0):
#- Lightning App Version (e.g., 0.5.2):
#- PyTorch Version (e.g., 2.0):
#- Python version (e.g., 3.9):
#- OS (e.g., Linux):
#- CUDA/cuDNN version:
#- GPU models and configuration:
#- How you installed Lightning(`conda`, `pip`, source):
#- Running environment of LightningApp (e.g. local, cloud):

More info

No response

[awaelchli]

Hey @kacpersh
Thanks for reaching out. This has come up already and we are working on it, see the response here: #20032 (comment)

[awaelchli]

Update: we've removed the code in question from the repo.

[awaelchli]

A new release is available with the reported code removed: pypi.org/project/lightning

To upgrade:

pip install -U lightning

No action is required for the pytorch-lightning package or the lightning-fabric package, these never had that code included.

With this, I'm closing the issue. Thanks for the help everyone.