12end comments

Repositories
Issues
Comments

Results 2 comments of


                                            12end

Security Vulnerability Report: Arbitrary Code Execution via Deserialization in dlrover's GRPC Service

Replacing GRPC and pickle with HTTP and JSON can reduce the risk associated with pickle deserialization vulnerabilities. JSON is indeed generally safer as it doesn't have the same built-in ability...

Security Vulnerability Report: Arbitrary Code Execution via Deserialization in dlrover's GRPC Service

The deserialization code is used from here on https://github.com/intelligent-machine-learning/dlrover/commit/e92fc20b7c28678df8aa3f735c365c91aeed5b96#diff-55f4adaa04015061f621cf129479695bfb877e1dad2d16c5caacb8c14959e7fc