[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2021-40146: A Remote Code Execution (RCE) vulnerability exists in Apache Any23 YA
From: lewis john mcgibbney <lewismc () apache ! org>
Date: 2021-09-10 20:40:14
Message-ID: CAGaRif362BLKb+aaprbykjHDv+SDjex3BKRCH6Zpaazz82_Uvg () mail ! gmail ! com
[Download RAW message or body]
Description:
A Remote Code Execution (RCE) vulnerability was discovered in the
Any23 YAMLExtractor.java file and is known to affect Any23 versions <
2.5. RCE vulnerabilities allow a malicious actor to execute any code
of their choice on a remote machine over LAN, WAN, or internet. RCE
belongs to the broader class of arbitrary code execution (ACE)
vulnerabilities.
Credit:
The Apache Any23 Project Management Committee would like to thank
Zhuxuan Wu for reporting the security vulnerability.
--
http://home.apache.org/~lewismc/
http://people.apache.org/keys/committer/lewismc
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic