We found results for “”
CVE-2024-21649
Good to know:
Date: January 30, 2024
The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Prior to 4.2.0, authenticated users could inject code into algorithm environment variables, resulting in remote code execution. This vulnerability is patched in 4.2.0.
Language: Python
Severity Score
Severity Score
Weakness Type (CWE)
Code Injection
CWE-94Top Fix
Upgrade Version
Upgrade to version vantage6 - 4.2.0, vantage6-algorithm-tools - 4.2.0, vantage6 -common - 4.2.0, vantage6-node - 4.2.0
CVSS v3
Base Score: |
|
---|---|
Attack Vector (AV): | |
Attack Complexity (AC): | |
Privileges Required (PR): | |
User Interaction (UI): | |
Scope (S): | |
Confidentiality (C): | PARTIAL |
Integrity (I): | PARTIAL |
Availability (A): | PARTIAL |