9.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-31605

GHSA ID

GHSA-hrf3-622q-8366

EPSS Score

0.84479%

CWE

CWE-502

Published

6/22/2022

Updated

9/2/2023

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-31605

CVE-2022-31605: Unsafe yaml deserialization in NVFlare

Impact

NVFLARE contains a vulnerability in its utils module, where YAML files are loaded via yaml.load() instead of yaml.safe_load(). The deserialization of Untrusted Data, may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity.

All versions before 2.1.2 are affected. CVSS Score = 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Patches

The patch will be included in nvflare==2.1.2

Workarounds

Change yaml.load() to yaml.safe_load()

Additional information

Issue Found by: Oliver Sellwood (@Nintorac)

(GitHub Advisory)

9.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-31605

GHSA ID

GHSA-hrf3-622q-8366

EPSS Score

0.84479%

CWE

CWE-502

Published

6/22/2022

Updated

9/2/2023

KEV Status

Technology

Python

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
nvflare	pip	< 2.1.2	2.1.2

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from unsafe YAML deserialization via PyYAML's yaml.load() method. The commit diff shows the vulnerable implementation was in utils.py's load_yaml function, which directly used yaml.load() with the default unsafe Loader. This matches the CWE-502 pattern and the advisory's root cause description. The patch explicitly changes this to yaml.safe_load(), confirming this was the vulnerable function.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t NV*L*R* *ont*ins * vuln*r**ility in its utils mo*ul*, w**r* Y*ML *il*s *r* lo**** vi* y*ml.lo**() inst*** o* y*ml.s***_lo**(). T** **s*ri*liz*tion o* Untrust** **t*, m*y *llow *n unprivil**** n*twork *tt**k*r to **us* R*mot* *o** *x**ution

Reasoning

T** vuln*r**ility st*ms *rom uns*** Y*ML **s*ri*liz*tion vi* PyY*ML's y*ml.lo**() m*t*o*. T** *ommit *i** s*ows t** vuln*r**l* impl*m*nt*tion w*s in utils.py's lo**_y*ml *un*tion, w*i** *ir**tly us** y*ml.lo**() wit* t** ****ult uns*** Lo***r. T*is m

9.8

Basic Information

Concerned about an active attack path?

CVE-2022-31605: Unsafe yaml deserialization in NVFlare

Impact

Patches

Workarounds

Additional information

9.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI