EPSS
Percentile
71.7%
nvflare is vulnerable to deserialization of untrusted data. The vulnerability exists because the CA credentials are transported via pickle and not properly deserialized which allows an attacker to execute codes and cause an application crash.
github.com/advisories/GHSA-rcxc-3w2m-mp8h
github.com/NVIDIA/NVFlare/commit/8e0996b70b72c76d2c9d5528c1fd435c4b89f59f
github.com/NVIDIA/NVFlare/releases/tag/2.1.2
github.com/NVIDIA/NVFlare/security/advisories/GHSA-rcxc-3w2m-mp8h