CVE-2022-34668

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-34668

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-34668.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-34668

Aliases

Related

GHSA-6qv6-q77g-7qm6

Published

2022-08-29T03:15:07.720Z

Modified

2025-11-20T12:08:07.014013Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

NVFLARE, versions prior to 2.1.4, contains a vulnerability that deserialization of Untrusted Data due to Pickle usage may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity.

References

Affected packages

Git / github.com/nvidia/nvflare

Affected ranges

Type: GIT
Repo: https://github.com/nvidia/nvflare
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

73cb64ca45f361126da1a26377357f756ddd900f

Affected versions

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.1.0

2.1.0a1

2.1.0a2

2.1.0rc1

2.1.0rc2

2.1.0rc3

2.1.0rc4

2.1.0rc5

2.1.1

2.1.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-34668.json"