HIGH🇬🇧 English

CVE-2024-21649

CVSS 8.8v3.1pub. 2024-01-30upd. 2024-11-21

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Prior to 4.2.0, authenticated users could inject code into algorithm environment variables, resulting in remote code execution. This vulnerability is patched in 4.2.0.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Vantage6

    APP
    Vantage6
    < 4.2.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2023-47631HIGH7.2ten sam produkt

vantage6 is a framework to manage and deploy privacy enhancing technologies like Federated Learning (FL) and M...

CVE-2023-23929HIGH8.8ten sam produkt

vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Currently, the...

CVE-2024-24770MEDIUM5.3ten sam produkt

vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Fe...

CVE-2024-23823MEDIUM4.2ten sam produkt

vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Fe...

CVE-2024-21653MEDIUM6.5ten sam produkt

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (F...

CVE-2024-21649 — HIGH 8.8 | CVEbaza.pl