Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-2qqg-5pcx-4jv3

Опубликовано: 14 мар. 2024
Источник: github
Github: Не прошло ревью
CVSS3: 9.8

Описание

Airflow-Diagrams v2.1.0 was discovered to contain an arbitrary file upload vulnerability in the unsafe_load function at cli.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted YML file.

Airflow-Diagrams v2.1.0 was discovered to contain an arbitrary file upload vulnerability in the unsafe_load function at cli.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted YML file.

Ссылки

EPSS

Процентиль: 31%
0.00115
Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2024-28423

Дефекты

CWE-434

Связанные уязвимости

nvd логотип

CVE-2024-28423

CVSS3: 9.8
nvd
почти 2 года назад

Airflow-Diagrams v2.1.0 was discovered to contain an arbitrary file upload vulnerability in the unsafe_load function at cli.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted YML file.

EPSS

Процентиль: 31%
0.00115
Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2024-28423

Дефекты

CWE-434