CVE-2022-24294

CVE-2022-24294 affects Apache MXNet (incubating) prior to 1.9.1. The vulnerability is a regular-expression Denial of Service (ReDoS) in the MXNet RTC module (get_kernel path cited in sources) when loading a model with a specially crafted operator name, causing excessive resource consumption durin...

CVE-2018-1281

CVE-2018-1281 involves Apache MXNet in clustered deployments. The root cause is that in versions older than 1.0.0, the MXNet scheduler can be made to listen on 0.0.0.0 instead of the user-specified DMLC_PS_ROOT_URI/DMLC_PS_ROOT_PORT when a scheduler node initializes. This misconfiguration causes ...