List:       oss-security
Subject:    [oss-security] CVE-2021-40146: A Remote Code Execution (RCE) vulnerability exists in Apache Any23 YA
From:       lewis john mcgibbney <lewismc () apache ! org>
Date:       2021-09-10 20:40:14
Message-ID: CAGaRif362BLKb+aaprbykjHDv+SDjex3BKRCH6Zpaazz82_Uvg () mail ! gmail ! com


Description:

A Remote Code Execution (RCE) vulnerability was discovered in the
Any23 YAMLExtractor.java file and is known to affect Any23 versions <
2.5. RCE vulnerabilities allow a malicious actor to execute any code
of their choice on a remote machine over LAN, WAN, or internet. RCE
belongs to the broader class of arbitrary code execution (ACE)
vulnerabilities.

Credit:

The Apache Any23 Project Management Committee would like to thank
Zhuxuan Wu for reporting the security vulnerability.



-- 
http://home.apache.org/~lewismc/
http://people.apache.org/keys/committer/lewismc

