Description
An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. This issue impacts Checkov 2.0 versions earlier than Checkov 2.0.139. Checkov 1.0 versions are not impacted.
References
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions from 2.0.0 (inclusive) up to 2.0.139 (exclusive)
cpe:2.3:a:paloaltonetworks:bridgecrew_checkov:*:*:*:*:*:*:*:*
EPSS: 0.03376 (percentile: 87%, Low)
CVSS3: 6.7 Medium
CVSS3: 7.2 High
CVSS2: 6.5 Medium
Weaknesses
CWE-502
CWE-502
Related vulnerabilities
github
more than 3 years ago
An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. This issue impacts Checkov 2.0 versions earlier than Checkov 2.0.139. Checkov 1.0 versions are not impacted.