Опубликовано: 24 мая 2022
Источник: github
Github: Прошло ревью
CVSS4: 9.3
CVSS3: 9.8
Описание
Ops CLI Deserialization of Untrusted Data vulnerability
Ops CLI version 2.0.4 (and earlier) is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary code execution when the checkout_repo function is called on a maliciously crafted file. An attacker can leverage this to execute arbitrary code on the victim machine.
Пакеты
Наименование
ops-cli
pip
Затронутые версииВерсия исправления
<= 2.0.4
2.0.5
EPSS
Процентиль: 94%
0.15132
Средний
9.3 Critical
CVSS4
9.8 Critical
CVSS3
CVE ID
Дефекты
CWE-502
Связанные уязвимости
CVSS3: 9.8
nvd
больше 4 лет назад
Ops CLI version 2.0.4 (and earlier) is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary code execution when the checkout_repo function is called on a maliciously crafted file. An attacker can leverage this to execute arbitrary code on the victim machine.
EPSS
Процентиль: 94%
0.15132
Средний
9.3 Critical
CVSS4
9.8 Critical
CVSS3
CVE ID
Дефекты
CWE-502