Skip to main content

Nvflare

3 CVEs product

Monthly

CVE-2022-34668 PyPI CRITICAL POC PATCH Act Now

NVFLARE, versions prior to 2.1.4, contains a vulnerability that deserialization of Untrusted Data due to Pickle usage may allow an unprivileged network attacker to cause Remote Code Execution, Denial. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Denial Of Service Nvflare
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
8.5%
CVE-2022-31605 PyPI CRITICAL PATCH Act Now

NVFLARE, versions prior to 2.1.2, contains a vulnerability in its utils module, where YAML files are loaded via yaml.load() instead of yaml.safe_load(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Denial Of Service Nvflare
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-31604 PyPI CRITICAL PATCH Act Now

NVFLARE, versions prior to 2.1.2, contains a vulnerability in its PKI implementation module, where The CA credentials are transported via pickle and no safe deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Denial Of Service Nvflare
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
EPSS 9% CVSS 9.8
CRITICAL POC PATCH Act Now

NVFLARE, versions prior to 2.1.4, contains a vulnerability that deserialization of Untrusted Data due to Pickle usage may allow an unprivileged network attacker to cause Remote Code Execution, Denial. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Denial Of Service +1
NVD GitHub Exploit-DB
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

NVFLARE, versions prior to 2.1.2, contains a vulnerability in its utils module, where YAML files are loaded via yaml.load() instead of yaml.safe_load(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Denial Of Service +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

NVFLARE, versions prior to 2.1.2, contains a vulnerability in its PKI implementation module, where The CA credentials are transported via pickle and no safe deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Denial Of Service +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy