ГлавнаяУязвимости → CVE-2024-21649
8.8высокая

CVE-2024-21649

Описание

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Prior to 4.2.0, authenticated users could inject code into algorithm environment variables, resulting in remote code execution. This vulnerability is patched in 4.2.0.

Затрагиваемое ПО
Vantage6 Vantage6
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/vantage6/vantage6/commit/eac19db737145d3ca987adf037a454fae0790dddhttps://github.com/vantage6/vantage6/security/advisories/GHSA-w9h2-px87-74vxhttps://github.com/vantage6/vantage6/commit/eac19db737145d3ca987adf037a454fae0790dddhttps://github.com/vantage6/vantage6/security/advisories/GHSA-w9h2-px87-74vx