Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-wps3-9req-s7bt

Summary NVFLARE, versions prior to 2.1.2, contains a vulnerability in its PKI implementation module, where The CA credentials are transported via pickle and no safe deserialization. The deserialization of Untrusted Data may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity.

Aliases

alias	CVE-2022-31604

alias	GHSA-rcxc-3w2m-mp8h

alias	PYSEC-2022-231

Fixed_packages

url pkg:pypi/nvflare@2.1.2

purl pkg:pypi/nvflare@2.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hent-veuq-mfga

vulnerability	VCID-hqup-r5bc-z3gk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nvflare@2.1.2

Affected_packages

url pkg:pypi/nvflare@0.1.3

purl pkg:pypi/nvflare@0.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ckay-6d62-ekb6

vulnerability	VCID-hent-veuq-mfga

vulnerability	VCID-hqup-r5bc-z3gk

vulnerability	VCID-wps3-9req-s7bt

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nvflare@0.1.3

url pkg:pypi/nvflare@0.9.0

purl pkg:pypi/nvflare@0.9.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ckay-6d62-ekb6

vulnerability	VCID-hent-veuq-mfga

vulnerability	VCID-hqup-r5bc-z3gk

vulnerability	VCID-wps3-9req-s7bt

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nvflare@0.9.0

url pkg:pypi/nvflare@1.0.0

purl pkg:pypi/nvflare@1.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ckay-6d62-ekb6

vulnerability	VCID-hent-veuq-mfga

vulnerability	VCID-hqup-r5bc-z3gk

vulnerability	VCID-wps3-9req-s7bt

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nvflare@1.0.0

url pkg:pypi/nvflare@1.0.1

purl pkg:pypi/nvflare@1.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ckay-6d62-ekb6

vulnerability	VCID-hent-veuq-mfga

vulnerability	VCID-hqup-r5bc-z3gk

vulnerability	VCID-wps3-9req-s7bt

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nvflare@1.0.1

url pkg:pypi/nvflare@1.0.2

purl pkg:pypi/nvflare@1.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ckay-6d62-ekb6

vulnerability	VCID-hent-veuq-mfga

vulnerability	VCID-hqup-r5bc-z3gk

vulnerability	VCID-wps3-9req-s7bt

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nvflare@1.0.2

url pkg:pypi/nvflare@1.1.0

purl pkg:pypi/nvflare@1.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ckay-6d62-ekb6

vulnerability	VCID-hent-veuq-mfga

vulnerability	VCID-hqup-r5bc-z3gk

vulnerability	VCID-wps3-9req-s7bt

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nvflare@1.1.0

url pkg:pypi/nvflare@1.1.1

purl pkg:pypi/nvflare@1.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ckay-6d62-ekb6

vulnerability	VCID-hent-veuq-mfga

vulnerability	VCID-hqup-r5bc-z3gk

vulnerability	VCID-wps3-9req-s7bt

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nvflare@1.1.1

url pkg:pypi/nvflare@2.0.0

purl pkg:pypi/nvflare@2.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ckay-6d62-ekb6

vulnerability	VCID-hent-veuq-mfga

vulnerability	VCID-hqup-r5bc-z3gk

vulnerability	VCID-wps3-9req-s7bt

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nvflare@2.0.0

url pkg:pypi/nvflare@2.0.1

purl pkg:pypi/nvflare@2.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ckay-6d62-ekb6

vulnerability	VCID-hent-veuq-mfga

vulnerability	VCID-hqup-r5bc-z3gk

vulnerability	VCID-wps3-9req-s7bt

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nvflare@2.0.1

url pkg:pypi/nvflare@2.0.2

purl pkg:pypi/nvflare@2.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ckay-6d62-ekb6

vulnerability	VCID-hent-veuq-mfga

vulnerability	VCID-hqup-r5bc-z3gk

vulnerability	VCID-wps3-9req-s7bt

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nvflare@2.0.2

url pkg:pypi/nvflare@2.0.3

purl pkg:pypi/nvflare@2.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ckay-6d62-ekb6

vulnerability	VCID-hent-veuq-mfga

vulnerability	VCID-hqup-r5bc-z3gk

vulnerability	VCID-wps3-9req-s7bt

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nvflare@2.0.3

url pkg:pypi/nvflare@2.0.4

purl pkg:pypi/nvflare@2.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ckay-6d62-ekb6

vulnerability	VCID-hent-veuq-mfga

vulnerability	VCID-hqup-r5bc-z3gk

vulnerability	VCID-wps3-9req-s7bt

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nvflare@2.0.4

url pkg:pypi/nvflare@2.0.5

purl pkg:pypi/nvflare@2.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ckay-6d62-ekb6

vulnerability	VCID-hent-veuq-mfga

vulnerability	VCID-hqup-r5bc-z3gk

vulnerability	VCID-wps3-9req-s7bt

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nvflare@2.0.5

url pkg:pypi/nvflare@2.0.6

purl pkg:pypi/nvflare@2.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ckay-6d62-ekb6

vulnerability	VCID-hent-veuq-mfga

vulnerability	VCID-hqup-r5bc-z3gk

vulnerability	VCID-wps3-9req-s7bt

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nvflare@2.0.6

url pkg:pypi/nvflare@2.0.7

purl pkg:pypi/nvflare@2.0.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ckay-6d62-ekb6

vulnerability	VCID-hent-veuq-mfga

vulnerability	VCID-hqup-r5bc-z3gk

vulnerability	VCID-wps3-9req-s7bt

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nvflare@2.0.7

url pkg:pypi/nvflare@2.0.8

purl pkg:pypi/nvflare@2.0.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ckay-6d62-ekb6

vulnerability	VCID-hent-veuq-mfga

vulnerability	VCID-hqup-r5bc-z3gk

vulnerability	VCID-wps3-9req-s7bt

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nvflare@2.0.8

url pkg:pypi/nvflare@2.0.9

purl pkg:pypi/nvflare@2.0.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ckay-6d62-ekb6

vulnerability	VCID-hent-veuq-mfga

vulnerability	VCID-hqup-r5bc-z3gk

vulnerability	VCID-wps3-9req-s7bt

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nvflare@2.0.9

url pkg:pypi/nvflare@2.0.10

purl pkg:pypi/nvflare@2.0.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ckay-6d62-ekb6

vulnerability	VCID-hent-veuq-mfga

vulnerability	VCID-hqup-r5bc-z3gk

vulnerability	VCID-wps3-9req-s7bt

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nvflare@2.0.10

url pkg:pypi/nvflare@2.0.11

purl pkg:pypi/nvflare@2.0.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ckay-6d62-ekb6

vulnerability	VCID-hent-veuq-mfga

vulnerability	VCID-hqup-r5bc-z3gk

vulnerability	VCID-wps3-9req-s7bt

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nvflare@2.0.11

url pkg:pypi/nvflare@2.0.12

purl pkg:pypi/nvflare@2.0.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ckay-6d62-ekb6

vulnerability	VCID-hent-veuq-mfga

vulnerability	VCID-hqup-r5bc-z3gk

vulnerability	VCID-wps3-9req-s7bt

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nvflare@2.0.12

url pkg:pypi/nvflare@2.0.13

purl pkg:pypi/nvflare@2.0.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ckay-6d62-ekb6

vulnerability	VCID-hent-veuq-mfga

vulnerability	VCID-hqup-r5bc-z3gk

vulnerability	VCID-wps3-9req-s7bt

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nvflare@2.0.13

url pkg:pypi/nvflare@2.0.14

purl pkg:pypi/nvflare@2.0.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ckay-6d62-ekb6

vulnerability	VCID-hent-veuq-mfga

vulnerability	VCID-hqup-r5bc-z3gk

vulnerability	VCID-wps3-9req-s7bt

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nvflare@2.0.14

url pkg:pypi/nvflare@2.0.15

purl pkg:pypi/nvflare@2.0.15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ckay-6d62-ekb6

vulnerability	VCID-hent-veuq-mfga

vulnerability	VCID-hqup-r5bc-z3gk

vulnerability	VCID-wps3-9req-s7bt

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nvflare@2.0.15

url pkg:pypi/nvflare@2.0.16

purl pkg:pypi/nvflare@2.0.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ckay-6d62-ekb6

vulnerability	VCID-hent-veuq-mfga

vulnerability	VCID-hqup-r5bc-z3gk

vulnerability	VCID-wps3-9req-s7bt

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nvflare@2.0.16

url pkg:pypi/nvflare@2.0.18

purl pkg:pypi/nvflare@2.0.18

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ckay-6d62-ekb6

vulnerability	VCID-hent-veuq-mfga

vulnerability	VCID-hqup-r5bc-z3gk

vulnerability	VCID-wps3-9req-s7bt

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nvflare@2.0.18

url pkg:pypi/nvflare@2.0.19

purl pkg:pypi/nvflare@2.0.19

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ckay-6d62-ekb6

vulnerability	VCID-hent-veuq-mfga

vulnerability	VCID-wps3-9req-s7bt

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nvflare@2.0.19

url pkg:pypi/nvflare@2.1.0

purl pkg:pypi/nvflare@2.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ckay-6d62-ekb6

vulnerability	VCID-hent-veuq-mfga

vulnerability	VCID-hqup-r5bc-z3gk

vulnerability	VCID-wps3-9req-s7bt

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nvflare@2.1.0

url pkg:pypi/nvflare@2.1.1

purl pkg:pypi/nvflare@2.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ckay-6d62-ekb6

vulnerability	VCID-hent-veuq-mfga

vulnerability	VCID-hqup-r5bc-z3gk

vulnerability	VCID-wps3-9req-s7bt

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nvflare@2.1.1

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-31604

reference_id

reference_type

scores

value	0.02435
scoring_system	epss
scoring_elements	0.85439
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-31604

reference_url

https://github.com/NVIDIA/NVFlare

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/NVIDIA/NVFlare

reference_url

https://github.com/NVIDIA/NVFlare/commit/fd018eea9dff925a765079a94c2f017920fcda67

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/NVIDIA/NVFlare/commit/fd018eea9dff925a765079a94c2f017920fcda67

reference_url

https://github.com/NVIDIA/NVFlare/security/advisories/GHSA-rcxc-3w2m-mp8h

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/NVIDIA/NVFlare/security/advisories/GHSA-rcxc-3w2m-mp8h

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/nvflare/PYSEC-2022-231.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/nvflare/PYSEC-2022-231.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-31604

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-31604

Weaknesses

cwe_id	502
name	Deserialization of Untrusted Data
description	The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

Exploits

Severity_range_score 9.0 - 10.0

Exploitability 0.5

Weighted_severity 9.0

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wps3-9req-s7bt

Vulnerability Instance