CVE-2024-10190

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-10190
Horovod versions up to and including v0.28.1 are vulnerable to unauthenticated remote code execution. The vulnerability is due to improper handling of base64-encoded data in the `ElasticRendezvousHandler`, a subclass of `KVStoreHandler`. Specifically, the `_put_value` method in `ElasticRendezvousHandler` calls `codec.loads_base64(value)`, which eventually invokes `cloudpickle.loads(decoded)`. This allows an attacker to send a malicious pickle object via a PUT request, leading to arbitrary code execution on the server.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://huntr.com/bounties/3e398d1f-70c2-4e05-ae22-f5d66b19a754
Configurations

No configuration.

History

15 Oct 2025, 13:15

Type Values Removed Values Added
Summary
  • (es) Las versiones de Horovod hasta la v0.28.1 incluida son vulnerables a la ejecución remota de código no autenticado. Esta vulnerabilidad se debe a la gestión inadecuada de datos codificados en base64 en `ElasticRendezvousHandler`, una subclase de `KVStoreHandler`. Específicamente, el método `_put_value` de `ElasticRendezvousHandler` llama a `codec.loads_base64(value)`, que finalmente invoca a `cloudpickle.loads(decoded)`. Esto permite a un atacante enviar un objeto pickle malicioso mediante una solicitud PUT, lo que provoca la ejecución de código arbitrario en el servidor.
CWE CWE-77 CWE-502

20 Mar 2025, 10:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-03-20 10:15

Updated : 2025-10-15 13:15

NVD link : CVE-2024-10190

Mitre link : CVE-2024-10190

CVE.ORG link : CVE-2024-10190

JSON object : View

Products Affected

No product.

CWE
CWE-502

Deserialization of Untrusted Data