Describe the bug
The current version of the pytorch_lightning library is vulnerable to code injection – code read from environment variables starting with PL_ could be evaluated.
See the function parse_env_variables in the file pytorch_lightning/utilities/argparse.py and the decorator _defaults_from_env_vars from the file pytorch_lightning/trainer/connectors/env_vars_connector.py in the pytorch lightning library source code.
Our proposal: to fix this vulnerability we should do as follows:
Create a Python file remove_pl_parameters_tweaking.py in anomalib with the following code:
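Added example, not code from this issue, pytorch_lightning or anomalib, and not the file the issue proposes: one way to read PL_-prefixed variables without ever evaluating them, using `ast.literal_eval` and dropping values that contain call-like expressions. The function names, the sample variable names and their values are constructed for illustration.

```python
import ast
import os

PREFIX = "PL_"  # prefix named in the issue

# Nodes that unambiguously mean "run code". Used only to decide what to drop
# and log; the safety property is that eval() is never called on any value.
_ACTIVE = (ast.Call, ast.Lambda, ast.ListComp, ast.SetComp,
           ast.DictComp, ast.GeneratorExp)
_PARSE_ERRORS = (ValueError, SyntaxError, TypeError, MemoryError, RecursionError)


def classify(raw):
    """Return ("literal", value), ("string", raw) or ("code", raw)."""
    try:
        # Accepts only literal syntax (numbers, strings, bools, None,
        # lists, dicts, tuples, sets); nothing in the value executes.
        return "literal", ast.literal_eval(raw)
    except _PARSE_ERRORS:
        pass
    try:
        tree = ast.parse(raw, mode="eval")  # parse only, never compile/run
    except _PARSE_ERRORS:
        return "string", raw  # not a Python expression, e.g. a file path
    if any(isinstance(node, _ACTIVE) for node in ast.walk(tree)):
        return "code", raw
    return "string", raw


def parse_pl_env(environ=None, prefix=PREFIX):
    """Return (values, flagged): usable settings and names dropped as code."""
    environ = os.environ if environ is None else environ
    values, flagged = {}, []
    for name in sorted(environ):
        if not name.startswith(prefix):
            continue
        kind, value = classify(environ[name])
        if kind == "code":
            flagged.append(name)  # dropped; log these for review
        else:
            values[name] = value
    return values, flagged


# Constructed sample environment (names and values are illustrative).
SAMPLE_ENV = {
    "PL_TRAINER_MAX_EPOCHS": "5",
    "PL_TRAINER_ACCELERATOR": "gpu",
    "PL_TRAINER_DEVICES": "[0, 1]",
    "PL_TRAINER_LOGGER": "print('evaluated')",
    "HOME": "/home/user",
}
```
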