2 matches found
CVE-2021-24040
Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. This issue affects ParlAI prior to v1.1.0...
CVE-2021-24040
CVE-2021-24040 concerns ParlAI prior to v1.1.0, where unsafe YAML deserialization logic can be exploited if an attacker can modify local YAML configuration files, potentially leading to remote code execution or similar risks. The root cause is unsafe loading/ deserialization of YAML data in ParlA...