mcollective-client is vulnerable to Remote Code Execution (RCE) Through YAML Deserialization. The library uses the insecure YAML.load
method to deserialize yaml files. This can allow a malicious user to inject and execute arbitrary code by sending a yaml file to the system.
CPE | Name | Operator | Version |
---|---|---|---|
mcollective-client | le | 2.10.3 |