horovod CVE 脆弱性と CVE 一覧(2)

製品(CPE): — CVE 件数: 2

horovod 脆弱性概要

This page aggregates publicly disclosed CVE and security risk information related to horovod, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.

脆弱性分布の推移(直近24か月)

表示中 12 / 2 CVE 件数
«« 先頭 « 前へ 1 / 1 次へ »
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2024-10190 Horovod versions up to and including v0.28.1 are vulnerable to unauthenticated remote code execution. The vulnerability is due to improper handling of base64-encoded data in the `ElasticRendezvousHandler`, a subclass of `KVStoreHandler`. Specifically, the `_put_value` method in `ElasticRendezvousHandler` calls `codec.loads_base64(value)`, which eventually invokes `cloudpickle.loads(decoded)`. This allows an attacker to send a malicious pickle object via a PUT request, leading to arbitrary code e [email protected] 9.8 1.02% 2025-03-20 2026-06-17
CVE-2022-0315 Insecure Temporary File in GitHub repository horovod/horovod prior to 0.24.0. [email protected] 7.5 0.92% 2022-03-24 2026-06-17
«« 先頭 « 前へ 1 / 1 次へ »
cvelogic Threat Intelligence