Lucene search
FacebookCVELIST:CVE-2021-24040HistorySep 10, 2021 - 10:10 p.m.
CVE-2021-24040
2021-09-1022:10:10
CWE-502
facebook
www.cve.org
3
Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. This issue affects ParlAI prior to v1.1.0.
CNA Affected
[
{
"product": "ParlAI",
"vendor": "Facebook",
"versions": [
{
"lessThan": "unspecified",
"status": "unaffected",
"version": "1.1.0",
"versionType": "custom"
},
{
"lessThan": "1.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2021-24040
2021-09-10 22:15:07
zdt
zdt
packetstorm
packetstorm
Facebook ParlAI 1.0.0 Code Execution / Deserialization
2021-09-14 00:00:00
cve
cve
CVE-2021-24040
2021-09-10 22:15:07
github
github
Deserialization of Untrusted Data in ParlAI
2021-09-13 20:06:14
prion
prion
Design/Logic Flaw
2021-09-10 22:15:00
osv
osv
exploitdb
exploitdb
Facebook ParlAI 1.0.0 - Deserialization of Untrusted Data in parlai
2021-09-13 00:00:00