CVE-2021-41078

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-41078

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-41078.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-41078

Aliases

Published

2021-10-26T13:15:07Z

Modified

2024-10-12T08:26:48.221515Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Nameko through 2.13.0 can be tricked into performing arbitrary code execution when deserializing the config file.

References

Affected packages

Git / github.com/nameko/nameko

Affected ranges

Type: GIT
Repo: https://github.com/nameko/nameko
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

4765fee2f84d750761cb30b87e7a57f78f7b3269

Last affected

53740e82c63b07b184b557b895454d1168ebfae8

Last affected

7c9bc87473d8853c8c9c7d51d3942ab7d1ae528a

Last affected

967e440d83e945afbfca3c34d341c168c724b468

Last affected

abc8f97d4eeb60890d35a2a5e8e175d1014760ef

Last affected

b0131f5deeb352b1e140ce400fa61a0cb3048d5e

Last affected

c8c806d09fb7be4a5272c32b7bb3b41096139bc7

Last affected

df449b1f1a1226f77ac24f5e31e54404d387025c

Last affected

ff7fc61900c4b302b4e2e6ed26abcdd6a2f572a5

Affected versions

v0.*

v0.1.0

v0.1.1

v0.1.2

v0.1.3

v0.1.4

v0.1.5

v0.1.6

v0.1.7

v0.1.8

v0.1.9

v0.2.0

v0.2.1

v0.3.0

v0.4.0

v0.4.1

v0.5.0

v0.5.1

v0.5.2

v0.5.3

v0.6.0

v0.7.0

v1.*

v1.0.0

v1.0.1

v1.1.0

v1.1.1

v1.1.2

v1.1.3

v1.1.4

v1.10.0

v1.10.1

v1.11.0

v1.11.1

v1.11.2

v1.11.3

v1.11.4

v1.11.5

v1.12.0

v1.13.0

v1.14.0

v1.2.0

v1.2.1

v1.2.2

v1.2.3

v1.2.4

v1.2.5

v1.3.0

v1.3.1

v1.3.2

v1.3.3

v1.3.4

v1.3.5

v1.4.0

v1.4.1

v1.5.0

v1.6.0

v1.6.1

v1.7.0

v1.7.1

v1.7.2

v1.8.0

v1.8.1

v1.8.2

v1.9.0

v1.9.1

v2.*

v2.0.0

v2.1.0

v2.1.1

v2.1.2

v2.10.0

v2.11.0

v2.12.0

v2.2.0

v2.3.0

v2.3.1

v2.4.0

v2.4.1

v2.4.2

v2.4.3

v2.4.4

v2.5.0

v2.5.1

v2.5.2

v2.5.3

v2.5.4

v2.6.0

v2.7.0

v2.8.0

v2.8.1

v2.8.2

v2.8.3

v2.8.4

v2.8.5

v2.9.0

v2.9.0-rc0

v2.9.1

v2.9.1-rc0

v3.*

v3.0.0-rc0

v3.0.0-rc1

v3.0.0-rc2

v3.0.0-rc3

v3.0.0-rc4

v3.0.0-rc5

v3.0.0-rc6

v3.0.0-rc7

v3.0.0-rc8

v3.0.0-rc9