2 matches found
nemo-eval (=0.2.0rc0), nemo-export-deploy (>=0.2.0 <=0.3.1) potentially affected by CVE-2025-33239 via megatron-bridge (=0.2.0rc6)
megatron-bridge PYPI version =0.2.0rc6 is affected by a known vulnerability. The following packages have a transitive dependency on megatron-bridge and may be impacted: - nemo-eval =0.2.0rc0 - nemo-export-deploy =0.2.0, =0.3.1 Source cves: CVE-2025-33239 Source advisory:...
CVE-2025-33239
NVIDIA Megatron Bridge contains a vulnerability in a data merging tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...