0.003 Low
EPSS
Percentile
70.1%
nvflare is vulnerable to deserialization of untrusted data. The vulnerability exists because the yaml files are not loaded safely which allows an attacker to execute codes and cause an application crash.
github.com/advisories/GHSA-hrf3-622q-8366
github.com/NVIDIA/NVFlare/commit/8e0996b70b72c76d2c9d5528c1fd435c4b89f59f
github.com/NVIDIA/NVFlare/pull/688
github.com/NVIDIA/NVFlare/releases/tag/2.1.2
github.com/NVIDIA/NVFlare/security/advisories/GHSA-hrf3-622q-8366