Vulnerability Description
Horovod versions up to and including v0.28.1 are vulnerable to unauthenticated remote code execution. The vulnerability is due to improper handling of base64-encoded data in the `ElasticRendezvousHandler`, a subclass of `KVStoreHandler`. Specifically, the `_put_value` method in `ElasticRendezvousHandler` calls `codec.loads_base64(value)`, which eventually invokes `cloudpickle.loads(decoded)`. This allows an attacker to send a malicious pickle object via a PUT request, leading to arbitrary code execution on the server.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Horovod | Horovod | <= 0.28.1 |
Related Weaknesses (CWE)
References
- https://huntr.com/bounties/3e398d1f-70c2-4e05-ae22-f5d66b19a754ExploitIssue TrackingThird Party Advisory
FAQ
What is CVE-2024-10190?
CVE-2024-10190 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Horovod versions up to and including v0.28.1 are vulnerable to unauthenticated remote code execution. The vulnerability is due to improper handling of base64-encoded data in the `ElasticRendezvousHand...
How severe is CVE-2024-10190?
CVE-2024-10190 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-10190?
Check the references section above for vendor advisories and patch information. Affected products include: Horovod Horovod.