CVE-2020-8441

Опубликовано: 19 фев. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

JYaml through 1.3 allows remote code execution during deserialization of a malicious payload through the load() function. NOTE: this is a discontinued product.

Ссылки

https://gist.github.com/j0lt-github/f5141abcacae63d434ecae211422153a
Exploit
Third Party Advisory
https://github.com/mbechler/marshalsec
Third Party Advisory
https://github.com/mbechler/marshalsec/blob/master/marshalsec.pdf
Technical Description
Third Party Advisory
https://security.netapp.com/advisory/ntap-20200313-0001/
https://sourceforge.net/p/jyaml/bugs/
Third Party Advisory
https://gist.github.com/j0lt-github/f5141abcacae63d434ecae211422153a
Exploit
Third Party Advisory
https://github.com/mbechler/marshalsec
Third Party Advisory
https://github.com/mbechler/marshalsec/blob/master/marshalsec.pdf
Technical Description
Third Party Advisory
https://security.netapp.com/advisory/ntap-20200313-0001/
https://sourceforge.net/p/jyaml/bugs/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jyaml_project:jyaml:*:*:*:*:*:*:*:*

Версия до 1.3 (включая)

EPSS

Процентиль: 92%

0.0758

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-502

Связанные уязвимости

GHSA-4qhr-q7wf-94xp