Lucene search
PRIOn knowledge basePRION:CVE-2022-31605HistoryJul 01, 2022 - 6:15 p.m.
Deserialization of untrusted data
2022-07-0118:15:00
PRIOn knowledge base
www.prio-n.com
4
NVFLARE, versions prior to 2.1.2, contains a vulnerability in its utils module, where YAML files are loaded via yaml.load() instead of yaml.safe_load(). The deserialization of Untrusted Data, may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity.
Related
veracode
veracode
Deserialization Of Untrusted Data
2022-06-23 11:01:40
osv
osv
Unsafe yaml deserialization in NVFlare
2022-06-22 21:22:46
PYSEC-2022-232
2022-07-01 18:15:00
CVE-2022-31605
2022-07-01 18:15:08
cvelist
cvelist
CVE-2022-31605
2022-07-01 17:15:22
nvd
nvd
CVE-2022-31605
2022-07-01 18:15:08
cve
cve
CVE-2022-31605
2022-07-01 18:15:08
github
github
Unsafe yaml deserialization in NVFlare
2022-06-22 21:22:46