melange has Path Traversal When Resolving External Pipelines via Unvalidated pipeline[].uses

An attacker who can influence a melange configuration file — for example through pull-request-driven CI or build-as-a-service scenarios — could set pipeline.uses to a value containing ../ sequences or an absolute path. The Compiled.compilePipeline function in pkg/build/compile.go passed uses...

CVE-2026-27598 Dagu: Path traversal in DAG creation allows arbitrary YAML file write outside DAGs directory

Dagu is a workflow engine with a built-in Web user interface. In versions up to and including 1.16.7, the CreateNewDAG API endpoint POST /api/v1/dags does not validate the DAG name before passing it to the file store. An authenticated user with DAG write permissions can write arbitrary YAML files...

CVE-2021-47812 GravCMS 1.10.7 - Arbitrary YAML Write/Update (Unauthenticated) (2)

GravCMS 1.10.7 contains an unauthenticated vulnerability that allows remote attackers to write arbitrary YAML configuration and execute PHP code through the scheduler endpoint. Attackers can exploit the admin-nonce parameter to inject base64-encoded payloads and create malicious custom jobs with...

Exploit for Improper Access Control in Getgrav Grav-Plugin-Admin

Exploit for: GravCMS 1.10.7 - Arbitrary YAML Write/...

Grav CMS 1.10.7 - Arbitrary YAML Write/Update (Unauthenticated) Exploit (2)

Exploit Title: GravCMS 1.10.7 - Arbitrary YAML Write/Update Unauthenticated 2 Original Exploit Author: Mehmet Ince Vendor Homepage: https://getgrav.org Version: 1.10.7 Tested on: Debian 10 Author: legend /usr/bin/python3 import requests import sys import re import base64 target=...

GravCMS 1.10.7 Arbitrary YAML Write / Update

Exploit Title: GravCMS 1.10.7 - Arbitrary YAML Write/Update Unauthenticated 2 Original Exploit Author: Mehmet Ince Vendor Homepage: https://getgrav.org Version: 1.10.7 Tested on: Debian 10 Author: legend /usr/bin/python3 import requests import sys import re import base64 target=...

GravCMS 1.10.7 - Arbitrary YAML Write/Update (Unauthenticated) (2)

Exploit Title: GravCMS 1.10.7 - Arbitrary YAML Write/Update Unauthenticated 2 Original Exploit Author: Mehmet Ince Vendor Homepage: https://getgrav.org Version: 1.10.7 Tested on: Debian 10 Author: legend /usr/bin/python3 import requests import sys import re import base64 target=...

GravCMS 1.10.7 Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GravCMS Remote Command Execution', 'Description' = %q This module exploits arbitrary config write/update vulnerability to achieve remote code...

Design/Logic Flaw

Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of administrator controller without needing any credentials. Particular method execution will result in...

CVE-2021-21425 Unauthenticated Arbitrary YAML Write/Update leads to Code Execution

Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of administrator controller without needing any credentials. Particular method execution will result in...

PYSEC-2013-13

Salt aka SaltStack before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. NOTE: the vendor states that this might not be a vulnerability because the YAML to be loaded has already been determined to be safe...

CVE-2013-0277 rubygem-activerecord: Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0

ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML...