0.001 Low
EPSS
Percentile
38.6%
nvflare is vulnerable to denial of service. The MAX_ADMIN_CONNECTIONS parameter in the handle function of hci.py does not limit the max connection properly, allowing an attacker to crash the application.
MAX_ADMIN_CONNECTIONS
handle
hci.py
github.com/NVIDIA/NVFlare/commit/93588b3a0dff9bd4568983071b74d8b420de3a6e
github.com/NVIDIA/NVFlare/issues/301
github.com/NVIDIA/NVFlare/pull/314
github.com/NVIDIA/NVFlare/security/advisories/GHSA-jx8f-cpx7-fv47