The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Prior to 4.2.0, authenticated users could inject code into algorithm environment variables, resulting in remote code execution. This vulnerability is patched in 4.2.0.
References
Configurations
History
21 Nov 2024, 08:54
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/vantage6/vantage6/commit/eac19db737145d3ca987adf037a454fae0790ddd - Patch | |
References | () https://github.com/vantage6/vantage6/security/advisories/GHSA-w9h2-px87-74vx - Vendor Advisory |
08 Feb 2024, 16:43
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/vantage6/vantage6/commit/eac19db737145d3ca987adf037a454fae0790ddd - Patch | |
References | () https://github.com/vantage6/vantage6/security/advisories/GHSA-w9h2-px87-74vx - Vendor Advisory | |
First Time |
Vantage6 vantage6
Vantage6 |
|
CPE | cpe:2.3:a:vantage6:vantage6:*:*:*:*:*:*:*:* |
30 Jan 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-30 16:15
Updated : 2024-11-21 08:54
NVD link : CVE-2024-21649
Mitre link : CVE-2024-21649
CVE.ORG link : CVE-2024-21649
JSON object : View
Products Affected
vantage6
- vantage6
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')