Vulnerability Information
Vulnerability
Unauthenticated Remote Code Execution in ElasticRendezvousHandler in horovod/horovod
Vulnerability Information
Horovod versions up to and including v0.28.1 are vulnerable to unauthenticated remote code execution. The vulnerability is due to improper handling of base64-encoded data in the `ElasticRendezvousHandler`, a subclass of `KVStoreHandler`. Specifically, the `_put_value` method in `ElasticRendezvousHandler` calls `codec.loads_base64(value)`, which eventually invokes `cloudpickle.loads(decoded)`. This allows an attacker to send a malicious pickle object via a PUT request, leading to arbitrary code execution on the server.
Vulnerability Information
N/A
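Vulnerability
Deserialization of Untrusted Data
Vulnerability
Horovod Command Injection Vulnerability
Vulnerability Information
Horovod is an open-source distributed training framework for TensorFlow, Keras, PyTorch and Apache MXNet. Horovod v0.28.1 and earlier contain a command injection vulnerability. It stems from improper handling of base64-encoded data in ElasticRendezvousHandler and may lead to remote code execution.
Vulnerability Information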
N/A
Vulnerability
N/A
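
A hardened counterpart to the `_put_value` path described above, as an added example (not Horovod's code and not its fix): the PUT body is authenticated with an HMAC before anything parses it, and it is parsed as data-only JSON instead of being unpickled. The key, the function names and the `host`/`slot`/`state` message shape are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

# Assumption: a per-job secret distributed to workers out of band (constructed value).
JOB_KEY = b"constructed-demo-key-not-a-real-secret"
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes


class RejectedValue(ValueError):
    """Raised when a PUT body fails authentication or schema checks."""


def dumps_base64_signed(obj, key=JOB_KEY):
    """Serialize to JSON (data only), prepend an HMAC-SHA256 tag, base64-encode."""
    body = json.dumps(obj, separators=(",", ":"), sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return base64.b64encode(tag + body)


def loads_base64_signed(value, key=JOB_KEY):
    """Verify the tag first; unauthenticated bytes never reach a deserializer."""
    try:
        raw = base64.b64decode(value, validate=True)
    except (ValueError, TypeError) as exc:
        raise RejectedValue("not valid base64") from exc
    if len(raw) <= TAG_LEN:
        raise RejectedValue("too short to carry a tag")
    tag, body = raw[:TAG_LEN], raw[TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise RejectedValue("bad HMAC tag")
    try:
        obj = json.loads(body)
    except ValueError as exc:
        raise RejectedValue("body is not JSON") from exc
    # Schema check for the hypothetical worker-state message.
    if not isinstance(obj, dict) or set(obj) != {"host", "slot", "state"}:
        raise RejectedValue("unexpected message shape")
    if not (isinstance(obj["host"], str) and isinstance(obj["slot"], int)
            and isinstance(obj["state"], str)):
        raise RejectedValue("unexpected field types")
    return obj


def put_value(store, scope, key, value):
    """Stand-in for a KV-store PUT handler: store only values that verify."""
    store.setdefault(scope, {})[key] = loads_base64_signed(value)
    return store
```
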