Miggo Logo
Miggo Vulnerability Database
CVE-2024-7804

CVE-2024-7804:
PyTorch deserialization vulnerability

9.8

CVSS Score
3.0

Basic Information

CVE ID
CVE-2024-7804
GHSA ID
GHSA-4vmg-rw8f-92f9
EPSS Score
-
CWE
CWE-502
Published
3/20/2025
Updated
3/21/2025
KEV Status
No
Technology
TechnologyPython

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
torchpip

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from insecure deserialization in the PyTorch RPC framework. The _InternalRPCPickler.deserialize() method directly uses Python's native pickle deserialization (via pickle.Unpickler) on untrusted network input (PythonUDF objects). This allows attackers to craft malicious payloads that execute arbitrary code during deserialization. The code at line 162 in internal.py shows the vulnerable deserialization call without any validation safeguards. The connection to RCE is explicit in the advisory, and pickle deserialization vulnerabilities are well-known for enabling code execution.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* **s*ri*liz*tion vuln*r**ility *xists in t** Pytor** RP* *r*m*work (tor**.*istri*ut**.rp*) in pytor**/pytor** v*rsions <=*.*.*. T** vuln*r**ility *ris*s *rom t** l**k o* s**urity v*ri*i**tion *urin* t** **s*ri*liz*tion pro**ss o* Pyt*onU** o*j**ts i

Reasoning

T** vuln*r**ility st*ms *rom ins**ur* **s*ri*liz*tion in t** PyTor** RP* *r*m*work. T** `_Int*rn*lRP*Pi*kl*r.**s*ri*liz*()` m*t*o* *ir**tly us*s Pyt*on's n*tiv* `pi*kl*` **s*ri*liz*tion (vi* `pi*kl*.Unpi*kl*r`) on untrust** n*twork input (Pyt*onU** o