Horovod Horovod vulnerabilities
2 known vulnerabilities affecting horovod/horovod_horovod.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2024-10190P2CRITICALCVSS 9.8≥ unspecified, ≤ latest2025-03-20
CVE-2024-10190 [CRITICAL] CWE-502 CVE-2024-10190: Horovod versions up to and including v0.28.1 are vulnerable to unauthenticated remote code execution
Horovod versions up to and including v0.28.1 are vulnerable to unauthenticated remote code execution. The vulnerability is due to improper handling of base64-encoded data in the `ElasticRendezvousHandler`, a subclass of `KVStoreHandler`. Specifically, the `_put_value` method in `ElasticRendezvousHandler` calls `codec.loads_base64(value)`, which ev
nvd
CVE-2022-0315P4HIGHCVSS 7.5≥ unspecified, < 0.24.02022-03-24
CVE-2022-0315 [HIGH] CWE-377 CVE-2022-0315: Insecure Temporary File in GitHub repository horovod/horovod prior to 0.24.0.
Insecure Temporary File in GitHub repository horovod/horovod prior to 0.24.0.
nvd