[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[oss-security] CVE-2021-40146: A Remote Code Execution (RCE) vulnerability exists in Apache Any23 YAMLExtractor.java



Description:

A Remote Code Execution (RCE) vulnerability was discovered in the
Any23 YAMLExtractor.java file and is known to affect Any23 versions <
2.5. RCE vulnerabilities allow a malicious actor to execute any code
of their choice on a remote machine over LAN, WAN, or internet. RCE
belongs to the broader class of arbitrary code execution (ACE)
vulnerabilities.

Credit:

The Apache Any23 Project Management Committee would like to thank
Zhuxuan Wu for reporting the security vulnerability.



-- 
http://home.apache.org/~lewismc/
http://people.apache.org/keys/committer/lewismc