Lucene search
Veracode Vulnerability DatabaseVERACODE:33217HistoryDec 09, 2021 - 6:31 a.m.
Remote Code Execution (RCE)
2021-12-0906:31:29
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
0.001 Low
EPSS
Percentile
51.3%
sockeye is vulnerable to remote code execution. The use of insecure loading of yaml for the model configuration files allows an attacker to execute arbitrary code embedded in config files.
References
github.com/awslabs/sockeye/commit/2d458b2a2a4b05b3437a1895209675969bf6befd#diff-fb3bb9c88a463d7f5b801e036af8287f1d99c433e1183087729c67ccc09bfdddR37
github.com/awslabs/sockeye/commit/35dd717a80ae1f04128d79bd0bcf340e2e9d1427
github.com/awslabs/sockeye/pull/964
github.com/awslabs/sockeye/releases/tag/2.3.24
github.com/awslabs/sockeye/security/advisories/GHSA-ggmr-44cv-24pm
huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9
Related
githubexploit
githubexploit
Exploit for Code Injection in Amazon Sockeye
2022-08-21 08:44:31
cvelist
cvelist
CVE-2021-43811 Code injection via unsafe YAML loading
2021-12-08 23:05:11
github
github
Code injection via unsafe YAML loading
2021-12-09 18:35:22
osv
osv
PYSEC-2021-848
2021-12-08 23:15:00
Code injection via unsafe YAML loading
2021-12-09 18:35:22
CVE-2021-43811
2021-12-08 23:15:08
nvd
nvd
CVE-2021-43811
2021-12-08 23:15:08
cve
cve
CVE-2021-43811
2021-12-08 23:15:08
prion
prion
Code injection
2021-12-08 23:15:00