CVE-2023-23930

Source
https://cve.org/CVERecord?id=CVE-2023-23930
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-23930.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-23930
Aliases
Published
2023-10-11T17:39:23.504Z
Modified
2026-04-10T04:55:44.143136Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
Summary
vantage6's Pickle serialization is insecure
Details

vantage6 is privacy-preserving federated learning infrastructure. Versions prior to 4.0.0 use pickle, which has known security issues, as the default serialization module. All users of vantage6 that post tasks with the default serialization are affected. Version 4.0.0 contains a patch. Users may specify JSON serialization as a workaround.

Database specific
{
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/23xxx/CVE-2023-23930.json",
    "cwe_ids": [
        "CWE-502"
    ]
}
References

Affected packages

Git / github.com/vantage6/vantage6

Affected ranges

Type
GIT
Repo
https://github.com/vantage6/vantage6
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

version/0.*
version/0.0.0b3
version/3.*
version/3.3.0
version/3.3.0rc1
version/3.3.0rc2
version/3.3.0rc3
version/3.3.0rc4
version/3.3.1
version/3.3.2
version/3.3.3
version/3.3.4
version/3.3.5
version/3.3.6
version/4.*
version/4.0.0a1
version/4.0.0a10
version/4.0.0a2
version/4.0.0a3
version/4.0.0a4
version/4.0.0a5
version/4.0.0a6
version/4.0.0a7
version/4.0.0a8
version/4.0.0a9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-23930.json"