9.8

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2022-31605

GHSA ID

GHSA-hrf3-622q-8366

EPSS Score

0.8462%

CWE

CWE-502

Published

6/22/2022

Updated

9/2/2023

KEV Status

Technology

Python

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-31605

CVE-2022-31605: Unsafe yaml deserialization in NVFlare

Impact

NVFLARE contains a vulnerability in its utils module, where YAML files are loaded via yaml.load() instead of yaml.safe_load(). The deserialization of Untrusted Data, may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity.

All versions before 2.1.2 are affected. CVSS Score = 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Patches

The patch will be included in nvflare==2.1.2

Workarounds

Change yaml.load() to yaml.safe_load()

Additional information

Issue Found by: Oliver Sellwood (@Nintorac)

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2022-31605

CVE-2022-31605:

9.8

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2022-31605

GHSA ID

GHSA-hrf3-622q-8366

EPSS Score

0.8462%

CWE

CWE-502

Published

6/22/2022

Updated

9/2/2023

KEV Status

Technology

Python

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
nvflare	pip	< 2.1.2	2.1.2

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from unsafe YAML deserialization via PyYAML's yaml.load() method. The commit diff shows the vulnerable implementation was in utils.py's load_yaml function, which directly used yaml.load() with the default unsafe Loader. This matches the CWE-502 pattern and the advisory's root cause description. The patch explicitly changes this to yaml.safe_load(), confirming this was the vulnerable function.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

9.8

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2022-31605: Unsafe yaml deserialization in NVFlare

Impact

Patches

Workarounds

Additional information

CVE-2022-31605:

9.8

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2022-31605: Unsafe yaml deserialization in NVFlare

Impact

Patches

Workarounds

Additional information

Basic Information

Basic Information

Technical Details

9.8

9.8

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI