37 matches found
CVE-2026-31234
Horovod thru 0.28.1 contains an insecure deserialization vulnerability CWE-502 in its KVStore HTTP server component. The KVStore server, used for distributed task coordination, lacks authentication and authorization controls, allowing any remote attacker to write arbitrary data via HTTP PUT...
EUVD-2026-29557
Horovod thru 0.28.1 contains an insecure deserialization vulnerability CWE-502 in its KVStore HTTP server component. The KVStore server, used for distributed task coordination, lacks authentication and authorization controls, allowing any remote attacker to write arbitrary data via HTTP PUT...
Horovod contains an insecure deserialization vulnerability in its KVStore HTTP server component
Horovod thru 0.28.1 contains an insecure deserialization vulnerability CWE-502 in its KVStore HTTP server component. The KVStore server, used for distributed task coordination, lacks authentication and authorization controls, allowing any remote attacker to write arbitrary data via HTTP PUT...
GHSA-MF8F-X4R3-JM8C Horovod contains an insecure deserialization vulnerability in its KVStore HTTP server component
Horovod thru 0.28.1 contains an insecure deserialization vulnerability CWE-502 in its KVStore HTTP server component. The KVStore server, used for distributed task coordination, lacks authentication and authorization controls, allowing any remote attacker to write arbitrary data via HTTP PUT...
CVE-2026-31234
Horovod thru 0.28.1 contains an insecure deserialization vulnerability CWE-502 in its KVStore HTTP server component. The KVStore server, used for distributed task coordination, lacks authentication and authorization controls, allowing any remote attacker to write arbitrary data via HTTP PUT...
CVE-2026-31234
Horovod thru 0.28.1 contains an insecure deserialization vulnerability CWE-502 in its KVStore HTTP server component. The KVStore server, used for distributed task coordination, lacks authentication and authorization controls, allowing any remote attacker to write arbitrary data via HTTP PUT...
Horovod 安全漏洞
Horovod is a distributed training framework developed by Horovod OpenSource, based on TensorFlow, Keras, PyTorch, and Apache MXNet. Horovod versions 0.28.1 and earlier contain security vulnerabilities. These vulnerabilities stem from the lack of authentication and authorization controls in the...
PT-2026-40121
Horovod thru 0.28.1 contains an insecure deserialization vulnerability CWE-502 in its KVStore HTTP server component. The KVStore server, used for distributed task coordination, lacks authentication and authorization controls, allowing any remote attacker to write arbitrary data via HTTP PUT...
CVE-2026-31234
Horovod through v0.28.1 exposes an insecure deserialization vulnerability (CWE-502) in its KVStore HTTP server. The KVStore server lacks authentication/authorization, allowing remote attackers to write arbitrary data via HTTP PUT. When a Horovod worker subsequently reads data from KVStore (via HT...
EUVD-2022-0119
Malicious code in bioql PyPI...
EUVD-2025-7121
Malicious code in bioql PyPI...
CVE-2024-10190
Horovod versions up to and including v0.28.1 are vulnerable to unauthenticated remote code execution. The vulnerability is due to improper handling of base64-encoded data in the ElasticRendezvousHandler, a subclass of KVStoreHandler. Specifically, the putvalue method in ElasticRendezvousHandler...
GHSA-MRHH-3GGQ-23P2 Horovod Vulnerable to Command Injection
Horovod versions up to and including v0.28.1 are vulnerable to unauthenticated remote code execution. The vulnerability is due to improper handling of base64-encoded data in the ElasticRendezvousHandler, a subclass of KVStoreHandler. Specifically, the putvalue method in ElasticRendezvousHandler...
deephyper (>=0.1.10 <=0.1.11), l2hmc (>=0.1.0 <=0.13.0) +12 more potentially affected by CVE-2024-10190 via horovod (>=0.19.5 <=0.28.1)
horovod PYPI version =0.19.5, =0.1.10, =0.1.0, =0.1.1, =0.0.0a0, =0.0.3, =0.0.1.0, =0.1.0, =0.1.2, =0.1.8 - zetascale =0.7.1 Source cves: CVE-2024-10190 Source advisory: SNYK:PYTHON-HOROVOD-9510936...
Deserialization of Untrusted Data
Overview horovod is a Distributed training framework for TensorFlow, Keras, PyTorch, and Apache MXNet. Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to improper handling of base64-encoded data in the ElasticRendezvousHandler, a subclass of KVStoreHandle...
Horovod Vulnerable to Command Injection
Horovod versions up to and including v0.28.1 are vulnerable to unauthenticated remote code execution. The vulnerability is due to improper handling of base64-encoded data in the ElasticRendezvousHandler, a subclass of KVStoreHandler. Specifically, the putvalue method in ElasticRendezvousHandler...
CVE-2024-10190
Horovod versions up to and including v0.28.1 are vulnerable to unauthenticated remote code execution. The vulnerability is due to improper handling of base64-encoded data in the ElasticRendezvousHandler, a subclass of KVStoreHandler. Specifically, the putvalue method in ElasticRendezvousHandler...
CVE-2024-10190
Horovod CVE-2024-10190 affects v0.28.1 and earlier. The vulnerability is due to ElasticRendezvousHandler.do_PUT/_put_value decoding base64 data and ultimately calling cloudpickle.loads, enabling an unauthenticated attacker to supply a malicious pickle object via a PUT request and achieve arbitrar...
CVE-2024-10190 Unauthenticated Remote Code Execution in ElasticRendezvousHandler in horovod/horovod
Horovod versions up to and including v0.28.1 are vulnerable to unauthenticated remote code execution. The vulnerability is due to improper handling of base64-encoded data in the ElasticRendezvousHandler, a subclass of KVStoreHandler. Specifically, the putvalue method in ElasticRendezvousHandler...
CVE-2024-10190 Unauthenticated Remote Code Execution in ElasticRendezvousHandler in horovod/horovod
Horovod versions up to and including v0.28.1 are vulnerable to unauthenticated remote code execution. The vulnerability is due to improper handling of base64-encoded data in the ElasticRendezvousHandler, a subclass of KVStoreHandler. Specifically, the putvalue method in ElasticRendezvousHandler...