Hello, I seem to have discovered a vulnerability in this project. The code corresponding to the vulnerability is located at delta = pickle.loads(request.data) (https://github.com/maxpumperla/elephas/blob/master/elephas/parameter/server.py#L118). The data value in the request is directly deserialized, and data is all the content in the POST, which is controllable content on the client side. By transmitting malicious serialization code, arbitrary code can be remotely executed, so there is a deserialization vulnerability.
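Added example, not part of the original issue and not elephas code: one way to harden the reported `pickle.loads(request.data)` call is to parse the body with an unpickler that refuses every global lookup and then validate the shape. It assumes the client can send the update as nested lists of floats; `load_delta`, `NoGlobalsUnpickler` and `MAX_BODY_BYTES` are hypothetical names.

```python
import io
import pickle

MAX_BODY_BYTES = 64 * 1024 * 1024  # assumed upper bound for one update


class NoGlobalsUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global lookup.

    Without globals a stream can only build plain containers, numbers,
    strings and bytes; it cannot import or call anything.
    """

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def _is_numeric(value):
    """True for a number or an arbitrarily nested list of numbers."""
    if isinstance(value, bool):
        return False
    if isinstance(value, (int, float)):
        return True
    return isinstance(value, list) and all(_is_numeric(v) for v in value)


def load_delta(body: bytes):
    """Parse an untrusted request body as a list of numeric layers."""
    if len(body) > MAX_BODY_BYTES:
        raise ValueError("rejected update: body too large")
    try:
        delta = NoGlobalsUnpickler(io.BytesIO(body)).load()
    except Exception as exc:  # malformed streams raise several error types
        raise ValueError(f"rejected update: {exc}") from exc
    if not isinstance(delta, list) or not all(_is_numeric(x) for x in delta):
        raise ValueError("rejected update: not a list of numeric layers")
    return delta


if __name__ == "__main__":
    # Constructed sample input: two "layers" of weights as nested lists.
    sample = pickle.dumps([[0.1, -0.2], [[1.0, 2.0], [3.0, 4.0]]])
    print(load_delta(sample))
```

Rejecting globals closes the code-execution path through deserialization; it does not authenticate the sender, so access control on the endpoint is a separate measure.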