Lucene search

MitreCVE-2024-35060

HistoryMay 21, 2024 - 7:15 p.m.

CVE-2024-35060

2024-05-2119:15:10

CWE-319

mitre

web.nvd.nist.gov

nasa

ait-core

v2.5.2

yaml

python

vulnerability

arbitrary command execution

crafted yaml file

CVSS3

7.5

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

Percentile

9.3%

JSON

An issue in the YAML Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands via supplying a crafted YAML file.

References

github.com/advisories/GHSA-45q4-h8rr-hgx2

www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze

CVSS3

7.5

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

Percentile

9.3%

JSON

Related for CVE-2024-35060