{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T05:06:43.998","vulnerabilities":[{"cve":{"id":"CVE-2024-21649","sourceIdentifier":"security-advisories@github.com","published":"2024-01-30T16:15:47.653","lastModified":"2024-11-21T08:54:48.030","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Prior to 4.2.0, authenticated users could inject code into algorithm environment variables, resulting in remote code execution.  This vulnerability is patched in 4.2.0."},{"lang":"es","value":"La tecnología vantage6 permite gestionar e implementar tecnologías que mejoran la privacidad, como el Federated Learning (FL) y la Multi-Party Computation (MPC). Antes de 4.2.0, los usuarios autenticados podían inyectar código en variables de entorno de algoritmos, lo que daba como resultado la ejecución remota de código. Esta vulnerabilidad está parcheada en 4.2.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vantage6:vantage6:*:*:*:*:*:*:*:*","versionEndExcluding":"4.2.0","matchCriteriaId":"A9E3A3A7-C004-4E76-B2A3-46F0F1C68AD4"}]}]}],"references":[{"url":"https://github.com/vantage6/vantage6/commit/eac19db737145d3ca987adf037a454fae0790ddd","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/vantage6/vantage6/security/advisories/GHSA-w9h2-px87-74vx","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://github.com/vantage6/vantage6/commit/eac19db737145d3ca987adf037a454fae0790ddd","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/vantage6/vantage6/security/advisories/GHSA-w9h2-px87-74vx","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}