14 matches found
CVE-2022-31115
opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions prior to 2.0.1 the ruby YAML.load function was used instead of YAML.safeload. As a result opensearch-ruby 2.0.0 and prior can lead to unsafe deserialization using YAML.load if the response is of type YAML. ...
EUVD-2022-6303
Malicious code in bioql PyPI...
opensearch-ruby 2.x before 2.0.2 vulnerable to unsafe YAML deserialization
Impact A YAML deserialization in opensearch-ruby 2.0.0 can lead to unsafe deserialization using YAML.load if the response is of type YAML. Patches The problem has been patched in opensearch-ruby gem version 2.0.2. Workarounds No viable workaround. Please upgrade to 2.0.2 References...
GHSA-977C-63XQ-CGW3 opensearch-ruby 2.x before 2.0.2 vulnerable to unsafe YAML deserialization
Impact A YAML deserialization in opensearch-ruby 2.0.0 can lead to unsafe deserialization using YAML.load if the response is of type YAML. Patches The problem has been patched in opensearch-ruby gem version 2.0.2. Workarounds No viable workaround. Please upgrade to 2.0.2 References...
Unsafe YAML deserialization in opensearch-ruby
Impact A YAML deserialization in opensearch-ruby 2.0.0 can lead to unsafe deserialization using YAML.load if the response is of type YAML. Patches The problem has been patched in opensearch-ruby gem version 2.0.2. Workarounds No viable workaround. Please upgrade to 2.0.2...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data using YAML.load if the response is a YAML type. This is exploitable only if the attacker is in control of an opensearch server and convinces the victim to connect to it. Details Serialization is a proce...
Deserialization Of Untrusted Data
opensearch-ruby is vulnerable to deserialization of untrusted data. The vulnerability exists due to the unsafe deserialization of response.body data in YAML.load functionality in the verifyopensearch function of pensearch.rb...
CVE-2022-31115
opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions prior to 2.0.1 the ruby YAML.load function was used instead of YAML.safeload. As a result opensearch-ruby 2.0.0 and prior can lead to unsafe deserialization using YAML.load if the response is of type YAML. ...
Deserialization of untrusted data
opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions prior to 2.0.1 the ruby YAML.load function was used instead of YAML.safeload. As a result opensearch-ruby 2.0.0 and prior can lead to unsafe deserialization using YAML.load if the response is of type YAML. ...
CVE-2022-31115 Unsafe YAML deserialization in opensearch-ruby
opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions prior to 2.0.1 the ruby YAML.load function was used instead of YAML.safeload. As a result opensearch-ruby 2.0.0 and prior can lead to unsafe deserialization using YAML.load if the response is of type YAML. ...
CVE-2022-31115
Opensearch-ruby before 2.0.1 is affected by unsafe YAML deserialization via YAML.load (not YAML.safe_load). Vulnerable in 2.0.0 and earlier when the response is YAML, exploitable only if an attacker controls the opensearch server and lures the victim to connect. Patch available in 2.0.1 (and subs...
CVE-2022-31115 Unsafe YAML deserialization in opensearch-ruby
opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions prior to 2.0.1 the ruby YAML.load function was used instead of YAML.safeload. As a result opensearch-ruby 2.0.0 and prior can lead to unsafe deserialization using YAML.load if the response is of type YAML. ...
CVE-2022-31115 Unsafe YAML deserialization in opensearch-ruby
opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions prior to 2.0.1 the ruby YAML.load function was used instead of YAML.safeload. As a result opensearch-ruby 2.0.0 and prior can lead to unsafe deserialization using YAML.load if the response is of type YAML. ...
opensearch-ruby 代码问题漏洞
opensearch-ruby is an open source Ruby client for OpenSearch from opensearch-project. A code issue vulnerability exists in opensearch-ruby that stems from the use of the ruby YAML.load function instead of YAML.safeload in versions prior to 2.0.1. As a result, opensearch-ruby 2.0.0 and earlier may...