VYPR
Moderate severityNVD Advisory· Published Sep 10, 2021· Updated Aug 3, 2024

CVE-2021-24040

CVE-2021-24040

Description

Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. This issue affects ParlAI prior to v1.1.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
parlaiPyPI
< 1.1.01.1.0

Affected products

2
  • ghsa-coords
    Range: < 1.1.0
  • Facebook/ParlAIv5
    Range: unspecified

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.