CVE-2021-40146

Name of the Vulnerable Software and Affected Versions Any23 versions prior to 2.5

Description A Remote Code Execution (RCE) vulnerability was discovered in the Any23 YAMLExtractor.java file. This issue allows a malicious actor to execute any code of their choice on a remote machine over LAN, WAN, or internet. RCE belongs to the broader class of arbitrary code execution (ACE) vulnerabilities.

Recommendations For versions prior to 2.5, update to version 2.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the YAMLExtractor.java file until a patch is available.