Description
NVFLARE, versions prior to 2.1.2, contains a vulnerability in its PKI implementation module, where the CA credentials are transported via pickle without safe deserialization. The deserialization of untrusted data may allow an unprivileged network attacker to cause remote code execution, denial of service, and impact to both confidentiality and integrity.
References
- Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 2.1.2 (exclusive)
cpe:2.3:a:nvidia:nvflare:*:*:*:*:*:*:*:*
EPSS: 0.02435 (Low), percentile: 85%
CVSS3: 9.8 Critical
CVSS2: 7.5 High
Weaknesses
CWE-502
Related vulnerabilities
CVSS3: 9.8
github
more than 3 years ago
Unsafe deserialisation in the PKI implementation scheme of NVFlare