CVE-2022-34668

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-34668

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-34668.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-34668

Aliases

Related

GHSA-6qv6-q77g-7qm6

Published

2022-08-29T03:15:07.720Z

Modified

2026-03-13T22:01:16.058463Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

NVFLARE, versions prior to 2.1.4, contains a vulnerability that deserialization of Untrusted Data due to Pickle usage may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity.

References

Affected packages

Git / github.com/nvidia/nvflare

Affected ranges

Type

GIT

Repo

https://github.com/nvidia/nvflare

Events

Introduced

Fixed

73cb64ca45f361126da1a26377357f756ddd900f

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.1.4"
        }
    ]
}

Affected versions

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.1.0

2.1.0a1

2.1.0a2

2.1.0rc1

2.1.0rc2

2.1.0rc3

2.1.0rc4

2.1.0rc5

2.1.1

2.1.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-34668.json"