Lucene search
K

6 matches found

CVE
CVE
added 2026/01/01 7:3 a.m.40 views

CVE-2025-11157

CVE-2025-11157 is a high-severity remote code execution flaw in feast-dev/feast v0.53.0, due to unsafe YAML deserialization in the Kubernetes materializer (feast/sdk/python/feast/infra/compute_engines/kubernetes/main.py) where yaml.load(..., Loader=yaml.Loader) processes /var/feast/feature_store....

7.8CVSS8.2AI score0.00264EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/05/03 3:54 p.m.3 views

activerecord: Possible RCE escalation bug with Serialized Columns in Active Record

An insecure deserialization flaw was found in Active Record, which uses YAML.unsafeload to convert the YAML data into Ruby objects. An attacker supplying crafted data to the database can perform remote code execution RCE, resulting in complete system compromise...

9.8CVSS7.3AI score0.02386EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2023/03/07 7:10 p.m.5 views

activerecord: Possible RCE escalation bug with Serialized Columns in Active Record

An insecure deserialization flaw was found in Active Record, which uses YAML.unsafeload to convert the YAML data into Ruby objects. An attacker supplying crafted data to the database can perform remote code execution RCE, resulting in complete system compromise...

9.8CVSS7.3AI score0.02386EPSS
Exploits1References5
Snyk
Snyk
added 2022/07/13 8:48 a.m.3 views

Remote Code Execution (RCE)

Overview activerecord is a library for databases on Rails. Affected versions of this package are vulnerable to Remote Code Execution RCE. When serialized columns that use YAML the default are deserialized, Rails uses YAML.unsafeload to convert the YAML data in to Ruby objects. If an attacker can...

9.8CVSS8.1AI score0.02386EPSS
Exploits1References2
OSV
OSV
added 2020/05/22 5:15 p.m.5 views

CVE-2020-13388

An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safeload is not used...

9.8CVSS6AI score0.04422EPSS
Exploits1References3
Veracode
Veracode
added 2019/04/16 2:32 a.m.8 views

Arbitrary Code Execution

js-yaml is vulnerable to arbitrary code execution. The vulnerability exists through the usage of unsafe load function, which allows attackers to inject arbitrary code via a malicious YAML file using objects that have toString as key, JavaScript code as value and are used as explicit mapping keys...

7.2AI score
Exploits0
Rows per page
Query Builder