The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Prior to 4.2.0, authenticated users could inject code into algorithm environment variables, resulting in remote code execution. This vulnerability is patched in 4.2.0.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-01-30T15:33:03.404Z
Updated: 2024-01-30T15:34:49.560Z
Reserved: 2023-12-29T16:10:20.366Z
Link: CVE-2024-21649
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-01-30T16:15:47.653
Modified: 2024-02-08T16:43:53.780
Link: CVE-2024-21649
JSON object: View
Redhat Information
No data.
CWE