PT-2021-22946 · Ops Cli · Ops Cli

Published 2021-10-15 · Updated 2022-05-24 · CVE-2021-40720

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Ops CLI versions 2.0.4 and earlier

Description

The issue is related to Deserialization of Untrusted Data, allowing arbitrary code execution when the checkout repo function is called on a maliciously crafted file. This enables an attacker to execute arbitrary code on the victim machine.

Recommendations

For Ops CLI versions 2.0.4 and earlier, consider disabling the checkout repo function until a patch is available to prevent arbitrary code execution.

Fix

Weakness Enumeration

Deserialization of Untrusted Data

Related Identifiers

CVE-2021-40720
GHSA-X23Q-4J9J-9CXW
PYSEC-2021-380

Affected Products

Ops Cli