18 matches found
CVE-2021-41078
Nameko through 2.13.0 can be tricked into performing arbitrary code execution when deserializing the config file...
EUVD-2021-0138
Malware in sbrugna...
CVE-2021-41078
Nameko through 2.13.0 can be tricked into performing arbitrary code execution when deserializing the config file...
CVE-2021-41078
Nameko through 2.13.0 can be tricked into performing arbitrary code execution when deserializing the config file...
croquemort (=2.1.0), django-nameko-standalone (=2.0.1) +4 more potentially affected by CVE-2021-41078 via nameko (>=2.11.0 <=2.12.0)
nameko PYPI version =2.11.0, =2.3.0, =28.0.0, =30.8.0 Source cves: CVE-2021-41078 Source advisory: OSV:PYSEC-2021-383...
PYSEC-2021-383
Nameko through 2.13.0 can be tricked into performing arbitrary code execution when deserializing the config file...
PYSEC-2021-383
Nameko through 2.13.0 can be tricked into performing arbitrary code execution when deserializing the config file...
Code injection
Nameko through 2.13.0 can be tricked into performing arbitrary code execution when deserializing the config file...
CVE-2021-41078
Summary: CVE-2021-41078 affects Nameko up to version 2.13.0, where deserializing a YAML config file can trigger arbitrary code execution. The root cause is unsafe deserialization of configuration data, enabling an attacker to execute code via crafted config content. Impact: Arbitrary code execu...
CVE-2021-41078
Nameko through 2.13.0 can be tricked into performing arbitrary code execution when deserializing the config file...
Nameko code issue vulnerability
Nameko is a Python framework for building microservices. A security vulnerability exists in Nameko that stems from the fact that Nameko in 2.13.0 can be tricked into executing arbitrary code when deserializing configuration files...
croquemort (=2.1.0), django-nameko-standalone (=2.0.1) +4 more potentially affected by CVE-2021-41078 via nameko (>=2.11.0 <=2.12.0)
nameko PYPI version =2.11.0, =2.3.0, =28.0.0, =30.8.0 Source cves: CVE-2021-41078 Source advisory: OSV:GHSA-6P52-JR3Q-C94G...
Nameko Arbitrary code execution due to YAML deserialization
Impact Nameko can be tricked to perform arbitrary code execution when deserialising a YAML config file. Example: yaml malicious.yaml !!python/object/new:type args: 'z', !!python/tuple , 'extend': !!python/name:exec listitems: "import'os'.system'cat /etc/passwd'" shell $ nameko run --config...
GHSA-6P52-JR3Q-C94G Nameko Arbitrary code execution due to YAML deserialization
Impact Nameko can be tricked to perform arbitrary code execution when deserialising a YAML config file. Example: yaml malicious.yaml !!python/object/new:type args: 'z', !!python/tuple , 'extend': !!python/name:exec listitems: "import'os'.system'cat /etc/passwd'" shell $ nameko run --config...
Remote Code Execution (RCE)
nameko is vulnerable to remote code execution. The unsafe deserialisation of a YAML config file allows an attacker to provide files with malicious content to trigger the attack...
Nameko - 'nameko.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/60853/info Nameko is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...
Nameko - nameko.php Cross-Site Scripting
Nameko - nameko.php Cross-Site Scripting source: https://www.securityfocus.com/bid/60853/info Nameko is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser o...
Nameko Webmail Cross Site Scripting
Nameko Webmail XSS vulnerability on version tag, where it is possible to break and execute any JavaScript inside a tag. The URL to match the XSS should be like (url-decoded): ?fontsize=11pt;++alertdocument.cookiebody++font-size:11 XSS URL: -------- https:// victim host...