CVE-2022-31604

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-31604
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31604.json
Aliases
Published
2022-07-01T18:15:08Z
Modified
2024-05-14T11:58:28.821476Z
Summary
[none]
Details

NVFLARE, versions prior to 2.1.2, contains a vulnerability in its PKI implementation module, where The CA credentials are transported via pickle and no safe deserialization. The deserialization of Untrusted Data may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity.

References

Affected packages

Git / github.com/nvidia/nvflare

Affected ranges

Type
GIT
Repo
https://github.com/nvidia/nvflare
Events
Introduced
0The exact introduced commit is unknown
Fixed

Affected versions

2.*

2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.1.0
2.1.0a1
2.1.0a2
2.1.0rc1
2.1.0rc2
2.1.0rc3
2.1.0rc4
2.1.0rc5
2.1.1