Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
NVFLARE, versions prior to 2.1.2, contains a vulnerability in its utils module, where YAML files are loaded via yaml.load() instead of yaml.safe_load(). The deserialization of Untrusted Data, may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
可信数据的反序列化
Vulnerability Title
NVIDIA NVFLARE 代码问题漏洞
Vulnerability Description
NVIDIA NVFLARE是美国英伟达(NVIDIA)公司的一个独立的 Python 库。旨在支持各方之间的联合学习,使用其本地安全受保护数据进行客户端培训,同时它包括协调和交换所有站点的结果进展的功能,以实现更好的全局模型,同时保护数据隐私。 NVIDIA NVFLARE 2.1.2 之前的版本存在安全漏洞,该漏洞源于utils 模块中包含一个漏洞,其中 YAML 文件是通过 yaml.load() 而不是 yaml.safe_load() 加载的。 Untrusted Data 的反序列化可能允许无
CVSS Information
N/A
Vulnerability Type
N/A