VDB
EN
HIGH 7.5

PYSEC-2026-695

Allocation of Resources Without Limits or Throttling in nvflare

상세

### Impact NVIDIA FLARE contains a vulnerability in Admin Interface, where an un-authorized attacker can cause Allocation of Resources Without Limits or Throttling, which may lead to cause system unavailable

All versions before 2.0.16 are affected.

### Patches The patch will be included in nvflare==2.0.16.

### Workarounds The changes in commits https://github.com/NVIDIA/NVFlare/commit/93588b3a0dff9bd4568983071b74d8b420de3a6e and https://github.com/NVIDIA/NVFlare/commit/93588b3a0dff9bd4568983071b74d8b420de3a6e can be applied to any version of the NVIDIA FLARE without any adverse effect.

### Additional information Issue Found on: 2022.3.3 Issue Found by: Oliver Sellwood (@Nintorac)

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / nvflare
최초 영향 버전: 0 수정 버전: 2.0.16
수정 pip install --upgrade 'nvflare>=2.0.16'

참고