AVID-2026-R1183

Description

vantage6’s Pickle serialization is insecure (CVE-2023-23930)

Details

vantage6 is privacy preserving federated learning infrastructure. Versions prior to 4.0.0 use pickle, which has known security issue, as a default serialization module but that has known security issues. All users of vantage6 that post tasks with the default serialization are affected. Version 4.0.0 contains a patch. Users may specify JSON serialization as a workaround.

Reason for inclusion in AVID: CVE-2023-23930 concerns insecure deserialization via Python’s pickle in vantage6 prior to 4.0.0, enabling an attacker to influence task serialization in a federated learning platform. This is a software vulnerability in a component used to build/deploy AI workflows, i.e., an AI supply chain component. It affects AI systems (federated learning/inference orchestrations) and is a CVE-style security vulnerability with clear evidence (CWE-502, CVSS). So it meets AVID criteria for AI-related, GP AI supply chain, security vulnerability, and sufficent evidence.

References

• NVD entry
• https://github.com/vantage6/vantage6/security/advisories/GHSA-5m22-cfq9-86x6
• https://github.com/vantage6/vantage6/commit/e62f03bacf2247bd59eed217e2e7338c3a01a5f0
• https://github.com/vantage6/vantage6/blob/0682c4288f43fee5bcc72dc448cdd99bd7e57f76/docs/release_notes.rst#400
• https://medium.com/ochrona/python-pickle-is-notoriously-insecure-d6651f1974c9

Affected or Relevant Artifacts

• Developer: vantage6
• Deployer: vantage6
• Artifact Details:

Impact

AVID Taxonomy Categorization

• Risk domains: Security
• SEP subcategories: S0100: Software Vulnerability
• Lifecycle stages: L06: Deployment

CVSS

CWE

Other information

• Report Type: Advisory
• Credits:
• Date Reported: 2023-10-11
• Version: 0.3.3
• AVID Entry