PT-2024-18997 · Vantage6 · Vantage6

Bartvanb · Published 2024-01-30 · Updated 2024-02-08 · CVE-2024-21649

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: vantage6 versions prior to 4.2.0

Description: The vantage6 technology is used to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Authenticated users could inject code into algorithm environment variables, resulting in remote code execution.

Recommendations: For versions prior to 4.2.0, update to version 4.2.0 to resolve the issue. As a temporary workaround, consider restricting access to algorithm environment variables to prevent code injection until the update is applied.

Exploit

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2024-21649
GHSA-W9H2-PX87-74VX
PYSEC-2024-30

Affected Products

Vantage6