HIGH🇵🇱 Wersja polska

CVE-2024-21649

CVSS 8.8v3.1pub. 2024-01-30upd. 2024-11-21

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Prior to 4.2.0, authenticated users could inject code into algorithm environment variables, resulting in remote code execution. This vulnerability is patched in 4.2.0.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Vantage6

    APP
    Vantage6
    < 4.2.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2023-47631HIGH7.2ten sam produkt

vantage6 is a framework to manage and deploy privacy enhancing technologies like Federated Learning (FL) and M...

CVE-2023-23929HIGH8.8ten sam produkt

vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Currently, the...

CVE-2024-24770MEDIUM5.3ten sam produkt

vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Fe...

CVE-2024-23823MEDIUM4.2ten sam produkt

vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Fe...

CVE-2024-21653MEDIUM6.5ten sam produkt

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (F...