HRP hexian2001

## gist:51c6257351098e5b086a12ad247cc6ca
## CVE-2024-48206: Deserialization of Untrusted Data in Chainer’s Chainermn

### Description
A vulnerability in Chainer v7.8.1.post1 allows for the deserialization of untrusted data, leading to the execution of arbitrary code. The issue is located in the `chainermn` module, specifically in the communication utility component responsible for handling data exchange between nodes in a distributed system. This vulnerability can be exploited remotely by sending specially crafted serialized payloads that, when deserialized, can execute arbitrary commands.

### Vulnerability Type
- CWE-502: Deserialization of Untrusted Data

### Affected Product Code Base
- Chainer v7.8.1.post1 (https://github.com/chainer/chainer)

## gist:c046c066895a963ecc0a2cf9e1180065
## CVE-2024-48063: Remote Code Execution via PyTorch Distributed RPC Framework

### Description
PyTorch versions <= 2.4.1 contain a vulnerability in the `rpc.remote` function, a core feature of its distributed RPC (Remote Procedure Call) framework. This function allows the creation of remote object references and the invocation of methods on these objects across different processes or nodes in a distributed system. This functionality is crucial for distributed machine learning tasks, where computations must be spread across multiple nodes.

The module `import torch.distributed.rpc as rpc` is vulnerable to serialization attacks, leading to potential command injection and remote code execution. Attackers who can post malicious payloads to the RPC framework can execute arbitrary code on the affected nodes.

### Vulnerability Type
- CWE-77: Command Injection
	## CVE-2024-48206: Deserialization of Untrusted Data in Chainer’s Chainermn

	### Description
	A vulnerability in Chainer v7.8.1.post1 allows for the deserialization of untrusted data, leading to the execution of arbitrary code. The issue is located in the `chainermn` module, specifically in the communication utility component responsible for handling data exchange between nodes in a distributed system. This vulnerability can be exploited remotely by sending specially crafted serialized payloads that, when deserialized, can execute arbitrary commands.

	### Vulnerability Type
	- CWE-502: Deserialization of Untrusted Data

	### Affected Product Code Base
	- Chainer v7.8.1.post1 (https://github.com/chainer/chainer)
	## CVE-2024-48063: Remote Code Execution via PyTorch Distributed RPC Framework

	### Description
	PyTorch versions <= 2.4.1 contain a vulnerability in the `rpc.remote` function, a core feature of its distributed RPC (Remote Procedure Call) framework. This function allows the creation of remote object references and the invocation of methods on these objects across different processes or nodes in a distributed system. This functionality is crucial for distributed machine learning tasks, where computations must be spread across multiple nodes.

	The module `import torch.distributed.rpc as rpc` is vulnerable to serialization attacks, leading to potential command injection and remote code execution. Attackers who can post malicious payloads to the RPC framework can execute arbitrary code on the affected nodes.

	### Vulnerability Type
	- CWE-77: Command Injection