NVFLARE, versions prior to 2.1.2, contains a vulnerability in its PKI implementation module, where The CA credentials are transported via pickle and no safe deserialization. The deserialization of Untrusted Data may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity.
References
Link | Resource |
---|---|
https://github.com/NVIDIA/NVFlare/security/advisories/GHSA-rcxc-3w2m-mp8h | Third Party Advisory |
https://github.com/NVIDIA/NVFlare/security/advisories/GHSA-rcxc-3w2m-mp8h | Third Party Advisory |
Configurations
History
21 Nov 2024, 07:04
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/NVIDIA/NVFlare/security/advisories/GHSA-rcxc-3w2m-mp8h - Third Party Advisory |
Information
Published : 2022-07-01 18:15
Updated : 2024-11-21 07:04
NVD link : CVE-2022-31604
Mitre link : CVE-2022-31604
CVE.ORG link : CVE-2022-31604
JSON object : View
Products Affected
nvidia
- nvflare
CWE
CWE-502
Deserialization of Untrusted Data