Vulnerability CVE-2021-24040
Published: 2021-09-10   Modified: 2021-09-11

Description:
Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. This issue affects ParlAI prior to v1.1.0.

See advisories in our WLB2 database:
Topic
Author
Date
High
Facebook ParlAI 1.0.0 Deserialization of Untrusted Data in parlai
Abhiram V
13.09.2021

 References:
https://github.com/facebookresearch/ParlAI/releases/tag/v1.1.0
https://github.com/facebookresearch/ParlAI/security/advisories/GHSA-m87f-9fvv-2mgg
Copyright 2024, cxsecurity.com

 

Back to Top