CVE-2022-31604

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-31604

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31604.json

Aliases

Published

2022-07-01T18:15:08Z

Modified

2023-11-29T09:45:59.311218Z

Details

NVFLARE, versions prior to 2.1.2, contains a vulnerability in its PKI implementation module, where The CA credentials are transported via pickle and no safe deserialization. The deserialization of Untrusted Data may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity.

References

https://github.com/NVIDIA/NVFlare/security/advisories/GHSA-rcxc-3w2m-mp8h

Affected packages

Git / github.com/nvidia/nvflare

Affected ranges

Type: GIT
Repo: https://github.com/nvidia/nvflare
Events: Introduced

0The exact introduced commit is unknown

Fixed

2b6e1b1e2e0da8636e636289e92266c42e3e6483

Affected versions

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.1.0

2.1.0a1

2.1.0a2

2.1.0rc1

2.1.0rc2

2.1.0rc3

2.1.0rc4

2.1.0rc5

2.1.1