nvflare 2.7.2rc5

Direct Vulnerabilities

Known vulnerabilities in the nvflare package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
C Authorization Bypass Through User-Controlled Key nvflare is a Federated Learning Application Runtime Environment Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the user management and authentication process. An attacker can gain unauthorized access, escalate privileges, tamper with data, disclose sensitive information, execute arbitrary code, or cause service disruption by exploiting a user-controlled key. How to fix Authorization Bypass Through User-Controlled Key? Upgrade `nvflare` to version 2.7.2 or higher.	[,2.7.2)
H Deserialization of Untrusted Data nvflare is a Federated Learning Application Runtime Environment Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the `FOBS` process. An attacker can achieve arbitrary code execution by sending a specially crafted FOBS-encoded message containing malicious serialized data. How to fix Deserialization of Untrusted Data? Upgrade `nvflare` to version 2.7.2 or higher.	[,2.7.2)
H Improper Input Validation nvflare is a Federated Learning Application Runtime Environment Affected versions of this package are vulnerable to Improper Input Validation via the `path traversal` process. An attacker can access sensitive information by submitting crafted input that is not properly validated. How to fix Improper Input Validation? Upgrade `nvflare` to version 2.7.2 or higher.	[,2.7.2)

Vulnerability

Vulnerable Version

Authorization Bypass Through User-Controlled Key

nvflare is a Federated Learning Application Runtime Environment

Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the user management and authentication process. An attacker can gain unauthorized access, escalate privileges, tamper with data, disclose sensitive information, execute arbitrary code, or cause service disruption by exploiting a user-controlled key.

How to fix Authorization Bypass Through User-Controlled Key?

Upgrade nvflare to version 2.7.2 or higher.

[,2.7.2)

Deserialization of Untrusted Data

nvflare is a Federated Learning Application Runtime Environment

Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the FOBS process. An attacker can achieve arbitrary code execution by sending a specially crafted FOBS-encoded message containing malicious serialized data.

How to fix Deserialization of Untrusted Data?

Upgrade nvflare to version 2.7.2 or higher.

[,2.7.2)

Improper Input Validation

nvflare is a Federated Learning Application Runtime Environment

Affected versions of this package are vulnerable to Improper Input Validation via the path traversal process. An attacker can access sensitive information by submitting crafted input that is not properly validated.

How to fix Improper Input Validation?

Upgrade nvflare to version 2.7.2 or higher.

[,2.7.2)

nvflare@2.7.2rc5

Federated Learning Application Runtime Environment

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically