CVE-2021-22557

Опубликовано: 04 окт. 2021

Источник: nvd

CVSS3: 5.3

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

SLO generator allows for loading of YAML files that if crafted in a specific format can allow for code execution within the context of the SLO Generator. We recommend upgrading SLO Generator past https://github.com/google/slo-generator/pull/173

Ссылки

http://packetstormsecurity.com/files/164426/Google-SLO-Generator-2.0.0-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
https://github.com/google/slo-generator/pull/173
Exploit
Patch
Third Party Advisory
http://packetstormsecurity.com/files/164426/Google-SLO-Generator-2.0.0-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
https://github.com/google/slo-generator/pull/173
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:google:slo_generator:*:*:*:*:*:*:*:*

Версия до 2.0.1 (исключая)

EPSS

Процентиль: 67%

0.00537

Низкий

5.3 Medium

CVSS3

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-94

CWE-78

Связанные уязвимости

GHSA-j28r-j54m-gpc4

CVSS3: 5.3

github

больше 4 лет назад

Code Injection in SLO Generator

EPSS

Процентиль: 67%

0.00537

Низкий

5.3 Medium

CVSS3

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-94

CWE-78