Code Execution Bug Affects Yamale Python Package — Used by Over 200 Projects
The Hacker News


A high-severity code injection vulnerability has been disclosed in 23andMe’s Yamale, a schema and validator for YAML, that could be trivially exploited by adversaries to execute arbitrary Python code.
The flaw, tracked as CVE-2021-38305 (CVSS score: 7.8), involves manipulating the schema file provided as input to the tool to circumvent protections and achieve code execution. Particularly, the
