6 matches found
CVE-2024-10190
Horovod versions up to and including v0.28.1 are vulnerable to unauthenticated remote code execution. The vulnerability is due to improper handling of base64-encoded data in the ElasticRendezvousHandler, a subclass of KVStoreHandler. Specifically, the putvalue method in ElasticRendezvousHandler...
deephyper (>=0.1.10 <=0.1.11), l2hmc (>=0.1.0 <=0.13.0) +12 more potentially affected by CVE-2024-10190 via horovod (>=0.19.5 <=0.28.1)
horovod PYPI version =0.19.5, =0.1.10, =0.1.0, =0.1.1, =0.0.0a0, =0.0.3, =0.0.1.0, =0.1.0, =0.1.2, =0.1.8 - zetascale =0.7.1 Source cves: CVE-2024-10190 Source advisory: SNYK:PYTHON-HOROVOD-9510936...
CVE-2024-10190
creationtimestamp| type| source ---|---|--- 2025-03-20 11:40:13+00:00| seen| https://bsky.app/profile/cyberalerts.bsky.social/post/3lksmgx4qbq2p...
CVE-2024-10190 Unauthenticated Remote Code Execution in ElasticRendezvousHandler in horovod/horovod
Horovod versions up to and including v0.28.1 are vulnerable to unauthenticated remote code execution. The vulnerability is due to improper handling of base64-encoded data in the ElasticRendezvousHandler, a subclass of KVStoreHandler. Specifically, the putvalue method in ElasticRendezvousHandler...
CVE-2024-10190
Horovod CVE-2024-10190 affects v0.28.1 and earlier. The vulnerability is due to ElasticRendezvousHandler.do_PUT/_put_value decoding base64 data and ultimately calling cloudpickle.loads, enabling an unauthenticated attacker to supply a malicious pickle object via a PUT request and achieve arbitrar...
CVE-2024-10190 Unauthenticated Remote Code Execution in ElasticRendezvousHandler in horovod/horovod
Horovod versions up to and including v0.28.1 are vulnerable to unauthenticated remote code execution. The vulnerability is due to improper handling of base64-encoded data in the ElasticRendezvousHandler, a subclass of KVStoreHandler. Specifically, the putvalue method in ElasticRendezvousHandler...