Source |
The Hacker News |
Identifier |
3482850 |
Publication date |
2021-10-07 04:50:04 (seen: 2021-10-07 12:06:06) |
Title |
Code Execution Bug Affects Yamale Python Package - Used by Over 200 Projects |
Text |
A high-severity code injection vulnerability has been disclosed in 23andMe's Yamale, a schema and validator for YAML, that could be trivially exploited by adversaries to execute arbitrary Python code.
The flaw, tracked as CVE-2021-38305 (CVSS score: 7.8), involves manipulating the schema file provided as input to the tool to circumvent protections and achieve code execution. Particularly, the  |
Notes |
|
Sent |
Yes |
Tags |
Tool
Vulnerability
|
Stories |
|