Oliver Sellwood

**Name of the Vulnerable Software and Affected Versions** NVFLARE versions prior to 2.1.4 **Description** The issue concerns deserialization of untrusted data due to Pickle usage, which may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and impact both Confidentiality and Integrity. **Recommendations** For versions prior to 2.1.4, update to version 2.1.4, which uses MessagePack instead of Pickle for serialization and deserialization. Note that some object serializations supported by Pickle are not supported by MessagePack, so users may need to convert objects to numpy or bytes before sending them to remote machines. Refer to the list of supported object types for more information.

**Name of the Vulnerable Software and Affected Versions** NVFLARE versions prior to 2.1.2 **Description** The issue is related to NVFLARE's PKI implementation module, where CA credentials are transported via pickle without safe deserialization. This may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and impact both Confidentiality and Integrity. **Recommendations** For versions prior to 2.1.2, update to version 2.1.2 to resolve the issue. As a temporary workaround, consider replacing pickle serialization with JSON and changing the code accordingly to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** NVFLARE versions prior to 2.1.2 **Description** The issue concerns the deserialization of untrusted data in the utils module of NVFLARE, where YAML files are loaded via `yaml.load()` instead of `yaml.safe load()`. This may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and impact both Confidentiality and Integrity. **Recommendations** For versions prior to 2.1.2, update to version 2.1.2 to resolve the issue. As a temporary workaround, consider changing `yaml.load()` to `yaml.safe load()` in the affected module.