Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/03/22 12:12 p.m.5 views

CVE-2024-10190

Horovod versions up to and including v0.28.1 are vulnerable to unauthenticated remote code execution. The vulnerability is due to improper handling of base64-encoded data in the ElasticRendezvousHandler, a subclass of KVStoreHandler. Specifically, the putvalue method in ElasticRendezvousHandler...

9.8CVSS8.3AI score0.01021EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2025/03/20 12:32 p.m.8 views

deephyper (>=0.1.10 <=0.1.11), l2hmc (>=0.1.0 <=0.13.0) +12 more potentially affected by CVE-2024-10190 via horovod (>=0.19.5 <=0.28.1)

horovod PYPI version =0.19.5, =0.1.10, =0.1.0, =0.1.1, =0.0.0a0, =0.0.3, =0.0.1.0, =0.1.0, =0.1.2, =0.1.8 - zetascale =0.7.1 Source cves: CVE-2024-10190 Source advisory: SNYK:PYTHON-HOROVOD-9510936...

9.8CVSS7.2AI score0.01021EPSS
Exploits1
Circl
Circl
added 2025/03/20 11:40 a.m.5 views

CVE-2024-10190

creationtimestamp| type| source ---|---|--- 2025-03-20 11:40:13+00:00| seen| https://bsky.app/profile/cyberalerts.bsky.social/post/3lksmgx4qbq2p...

9.8CVSS6.8AI score0.01021EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:9 a.m.8 views

CVE-2024-10190 Unauthenticated Remote Code Execution in ElasticRendezvousHandler in horovod/horovod

Horovod versions up to and including v0.28.1 are vulnerable to unauthenticated remote code execution. The vulnerability is due to improper handling of base64-encoded data in the ElasticRendezvousHandler, a subclass of KVStoreHandler. Specifically, the putvalue method in ElasticRendezvousHandler...

9.8CVSS9.9AI score0.01021EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:9 a.m.42 views

CVE-2024-10190

Horovod CVE-2024-10190 affects v0.28.1 and earlier. The vulnerability is due to ElasticRendezvousHandler.do_PUT/_put_value decoding base64 data and ultimately calling cloudpickle.loads, enabling an unauthenticated attacker to supply a malicious pickle object via a PUT request and achieve arbitrar...

9.8CVSS9.9AI score0.01021EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/03/20 10:9 a.m.16 views

CVE-2024-10190 Unauthenticated Remote Code Execution in ElasticRendezvousHandler in horovod/horovod

Horovod versions up to and including v0.28.1 are vulnerable to unauthenticated remote code execution. The vulnerability is due to improper handling of base64-encoded data in the ElasticRendezvousHandler, a subclass of KVStoreHandler. Specifically, the putvalue method in ElasticRendezvousHandler...

9.8CVSS0.01021EPSS
Exploits1References1
Rows per page
Query Builder