Lucene search

[email protected]NVD:CVE-2024-35060

HistoryMay 21, 2024 - 7:15 p.m.

CVE-2024-35060

2024-05-2119:15:10

CWE-319

[email protected]

web.nvd.nist.gov

nasa ait-core

v2.5.2

yaml

python library

command execution

vulnerability

CVSS3

7.5

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

Percentile

9.3%

JSON

An issue in the YAML Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands via supplying a crafted YAML file.

References

github.com/advisories/GHSA-45q4-h8rr-hgx2

www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze

CVSS3

7.5

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

Percentile

9.3%

JSON

Related for NVD:CVE-2024-35060

cvelist1 cve1 vulnrichment1