6 matches found
vantage6-node (>=0.0.0 <=4.0.1rc2), vantage6-server (>=0.0.0 <=4.0.1rc2) potentially affected by CVE-2023-23930 via vantage6 (>=0.0.0 <=4.0.1rc2)
vantage6 PYPI version =0.0.0, =0.0.0, =0.0.0, =4.0.1rc2 Source cves: CVE-2023-23930 Source advisory: OSV:GHSA-5M22-CFQ9-86X6...
CVE-2023-23930
| creationtimestamp | type | source |
|---|---|---|
| 2023-10-11 22:17:38+00:00 | seen | https://t.me/cibsecurity/72139... |
CVE-2023-23930
vantage6 is privacy-preserving federated learning infrastructure. Versions prior to 4.0.0 use pickle, which has known security issues, as the default serialization module. All users of vantage6 that post tasks with the default serialization are affected. Version...
vantage6-node (>=0.0.0 <=4.0.1rc2), vantage6-server (>=0.0.0 <=4.0.1rc2) potentially affected by CVE-2023-23930 via vantage6 (>=0.0.0 <=4.0.1rc2)
vantage6 PYPI version =0.0.0, =0.0.0, =0.0.0, =4.0.1rc2 Source cves: CVE-2023-23930 Source advisory: OSV:PYSEC-2023-196...
CVE-2023-23930
The CVE-2023-23930 entry concerns vantage6, a privacy-preserving federated learning platform. Versions before 4.0.0 default to Python pickle for serialization, which has known security issues; all users posting tasks with the default serialization are affected. A patch exists in version 4.0.0 tha...
CVE-2023-23930 vantage6's Pickle serialization is insecure
vantage6 is privacy-preserving federated learning infrastructure. Versions prior to 4.0.0 use pickle, which has known security issues, as the default serialization module. All users of vantage6 that post tasks with the default serialization are affected. Version...