CVE-2022-21822: 
Python vulnerability analysis and mitigation

NVIDIA FLARE contains a vulnerability in the admin interface (CVE-2022-21822) that was discovered on March 17, 2022. The vulnerability affects all versions of NVIDIA FLARE before 2.0.16, where an unauthorized attacker can cause Allocation of Resources Without Limits or Throttling, potentially leading to system unavailability (GitHub Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (High), with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. This indicates that the vulnerability can be exploited over the network, requires low attack complexity, needs no privileges or user interaction, and while it doesn't affect confidentiality or integrity, it has a high impact on availability (GitHub Advisory).

The primary impact of this vulnerability is on system availability. When exploited, it can cause the system to become unavailable due to unrestricted resource allocation. The vulnerability specifically affects the admin interface of NVIDIA FLARE, with no impact on data confidentiality or integrity (GitHub Advisory).

The vulnerability has been patched in NVIDIA FLARE version 2.0.16. For users unable to upgrade immediately, workarounds are available by applying the changes in commits 93588b3, which can be implemented on any version of NVIDIA FLARE without adverse effects (GitHub Advisory).