Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-jx8f-cpx7-fv47

GitHub Security Advisory

Allocation of Resources Without Limits or Throttling in nvflare

✓ GitHub Reviewed HIGH Has CVE
View on GitHub

Advisory Details

### Impact
NVIDIA FLARE contains a vulnerability in Admin Interface, where an un-authorized attacker can cause Allocation of Resources Without Limits or Throttling, which may lead to cause system unavailable

All versions before 2.0.16 are affected.

### Patches
The patch will be included in nvflare==2.0.16.

### Workarounds
The changes in commits https://github.com/NVIDIA/NVFlare/commit/93588b3a0dff9bd4568983071b74d8b420de3a6e and https://github.com/NVIDIA/NVFlare/commit/93588b3a0dff9bd4568983071b74d8b420de3a6e can be applied to any version of the NVIDIA FLARE without any adverse effect.

### Additional information
Issue Found on: 2022.3.3
Issue Found by: Oliver Sellwood (@Nintorac)

Affected Packages

PyPI nvflare
Affected versions: 0 (fixed in 2.0.16)

Related CVEs

CVE-2022-21822

Key Information

GHSA ID
GHSA-jx8f-cpx7-fv47
Published
March 18, 2022 11:18 PM
Last Modified
March 18, 2022 11:18 PM
CVSS Score
7.5 /10
Primary Ecosystem
PyPI
Primary Package
nvflare
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 5, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.