CVE-2021-41078

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-41078

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-41078.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-41078

Aliases

Related

GHSA-6p52-jr3q-c94g

Published

2021-10-26T13:15:07.557Z

Modified

2026-04-12T02:00:33.892137Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Nameko through 2.13.0 can be tricked into performing arbitrary code execution when deserializing the config file.

References

Affected packages

Git / github.com/nameko/nameko

Affected ranges

Type

GIT

Repo

https://github.com/nameko/nameko

Events

Introduced

Last affected

4b9ee1f2d04686b3de2d538065a3b1e1c0cf4268

Last affected

df449b1f1a1226f77ac24f5e31e54404d387025c

Last affected

c8c806d09fb7be4a5272c32b7bb3b41096139bc7

Last affected

b0131f5deeb352b1e140ce400fa61a0cb3048d5e

Last affected

53740e82c63b07b184b557b895454d1168ebfae8

Last affected

967e440d83e945afbfca3c34d341c168c724b468

Last affected

ff7fc61900c4b302b4e2e6ed26abcdd6a2f572a5

Last affected

7c9bc87473d8853c8c9c7d51d3942ab7d1ae528a

Last affected

abc8f97d4eeb60890d35a2a5e8e175d1014760ef

Last affected

4765fee2f84d750761cb30b87e7a57f78f7b3269

Database specific

{
    "source": "CPE_FIELD",
    "cpe": [
        "cpe:2.3:a:nameko:nameko:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:nameko:nameko:3.0.0:rc1:*:*:*:*:*:*",
        "cpe:2.3:a:nameko:nameko:3.0.0:rc2:*:*:*:*:*:*",
        "cpe:2.3:a:nameko:nameko:3.0.0:rc3:*:*:*:*:*:*",
        "cpe:2.3:a:nameko:nameko:3.0.0:rc4:*:*:*:*:*:*",
        "cpe:2.3:a:nameko:nameko:3.0.0:rc5:*:*:*:*:*:*",
        "cpe:2.3:a:nameko:nameko:3.0.0:rc6:*:*:*:*:*:*",
        "cpe:2.3:a:nameko:nameko:3.0.0:rc7:*:*:*:*:*:*",
        "cpe:2.3:a:nameko:nameko:3.0.0:rc8:*:*:*:*:*:*",
        "cpe:2.3:a:nameko:nameko:3.0.0:rc9:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.13.0"
        },
        {
            "last_affected": "3.0.0-rc1"
        },
        {
            "last_affected": "3.0.0-rc2"
        },
        {
            "last_affected": "3.0.0-rc3"
        },
        {
            "last_affected": "3.0.0-rc4"
        },
        {
            "last_affected": "3.0.0-rc5"
        },
        {
            "last_affected": "3.0.0-rc6"
        },
        {
            "last_affected": "3.0.0-rc7"
        },
        {
            "last_affected": "3.0.0-rc8"
        },
        {
            "last_affected": "3.0.0-rc9"
        }
    ]
}

Affected versions

v0.*

v0.1.0

v0.2.0

v0.2.1

v0.3.0

v0.4.0

v0.4.1

v0.5.0

v0.5.1

v0.5.2

v0.5.3

v0.6.0

v0.7.0

v1.*

v1.0.0

v1.0.1

v1.1.0

v1.1.1

v1.1.2

v1.1.3

v1.1.4

v1.10.0

v1.10.1

v1.11.0

v1.11.1

v1.11.2

v1.11.3

v1.11.4

v1.11.5

v1.12.0

v1.13.0

v1.14.0

v1.2.0

v1.2.1

v1.2.2

v1.2.3

v1.2.4

v1.2.5

v1.3.0

v1.3.1

v1.3.2

v1.3.3

v1.3.4

v1.3.5

v1.4.0

v1.4.1

v1.5.0

v1.6.0

v1.6.1

v1.7.0

v1.7.1

v1.7.2

v1.8.0

v1.8.1

v1.8.2

v1.9.0

v1.9.1

v2.*

v2.0.0

v2.1.0

v2.1.1

v2.1.2

v2.10.0

v2.11.0

v2.12.0

v2.13.0

v2.2.0

v2.3.0

v2.3.1

v2.4.0

v2.4.1

v2.4.2

v2.4.3

v2.4.4

v2.5.0

v2.5.1

v2.5.2

v2.5.3

v2.5.4

v2.6.0

v2.7.0

v2.8.0

v2.8.1

v2.8.2

v2.8.3

v2.8.4

v2.8.5

v2.9.0

v2.9.0-rc0

v2.9.1

v2.9.1-rc0

v3.*

v3.0.0-rc0

v3.0.0-rc1

v3.0.0-rc2

v3.0.0-rc3

v3.0.0-rc4

v3.0.0-rc5

v3.0.0-rc6

v3.0.0-rc7

v3.0.0-rc8

v3.0.0-rc9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-41078.json"