CVE-2021-24040
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-24040
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-24040.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2021-24040
- Aliases
- Published
- 2021-09-10T22:15:07Z
- Modified
- 2024-10-12T07:00:02.795167Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. This issue affects ParlAI prior to v1.1.0.
- References
Affected packages
Git / github.com/facebookresearch/parlai
Affected ranges
- Type
- GIT
- Repo
- https://github.com/facebookresearch/parlai
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
acute_eval
convai2archive
final_mturk
mastering_the_dungeon
memnn_feedback
mturk_archive
personachat
qa_data_collection
qualification_flow_example
react_task_demo
talkthewalk
turn_annotations
v0.*
v0.1.20200409
v0.1.20200416
v0.1.20200716
v0.10.0
v0.8.0
v0.9.0
v0.9.1
v0.9.2
v0.9.3
v0.9.4
v1.*
v1.0.0