Machine Learning

In PyTorch version 2.6.0+cu124 a medium severity vulnerability CVE-2025-4287 was detected. This vulnerability affects the torch.cuda.nccl.reduce function in the torch/cuda/nccl.py file and may lead to denial of service. The issue can be exploited locally, and details of the exploit have been publicly disclosed. To address this issue, users must apply the patch. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4287.

In PyTorch version 2.5.1 and prior a critical severity vulnerability CVE-2025-32434 was detected. This vulnerability allows remote command execution (RCE) when loading a model. To address this issue users must upgrade to version 2.6.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-32434.

In JupyterLab versions before 3.6.7 and from 4.0.0 to 4.2.4 a high severity vulnerability CVE-2024-43805 was detected. This vulnerability allows attackers to gain access to any data the victim can access and execute arbitrary requests as if they were the victim by exploiting a vulnerability in JupyterLab through malicious notebooks or Markdown files. To fix this problem, users should upgrade JupyterLab to versions 3.6.8 and 4.2.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43805.

In JupyterLab extension template (copier) a high severity security vulnerability CVE-2024-39700 was detected. This vulnerability allows attackers to perform Remote Code Execution (RCE) via the `update-integration-tests.yml` workflow included in repositories created with the `test` option. To address this issue, users should upgrade the template to version 4.3.0 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39700.