CVE-2021-24040

Description

Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. This issue affects ParlAI prior to v1.1.0.

Risk Information

Base Score: 9.8 MODERATE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 36.239

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2021-24040, CVE-2021-39207 are fixed in Python-parlai 1.1.0 | Windows
Vulnerabilities CVE-2021-24040, CVE-2021-39207 are fixed in Python-parlai for linux 1.1.0 | Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234