CVE-2022-21822

Name of the Vulnerable Software and Affected Versions NVIDIA FLARE versions prior to 2.0.16

Description The issue is related to the admin interface of NVIDIA FLARE, where an unauthorized attacker can cause allocation of resources without limits or throttling, potentially leading to system unavailability.

Recommendations For versions prior to 2.0.16, update to version 2.0.16 to resolve the issue. As a temporary workaround, apply the changes in commits https://github.com/NVIDIA/NVFlare/commit/93588b3a0dff9bd4568983071b74d8b420de3a6e to any version of NVIDIA FLARE without adverse effects.