CVE-2021-21371

HIGH Year: 2021
CVSS v3 Score
8.6
High
CVSS v2 Score
4.6
Medium
Weakness Type
CWE-502
View all →

Vulnerability Description

Tenable for Jira Cloud is an open source project designed to pull Tenable.io vulnerability data, then generate Jira Tasks and sub-tasks based on the vulnerabilities' current state. It published in pypi as "tenable-jira-cloud". In tenable-jira-cloud before version 1.1.21, it is possible to run arbitrary commands through the yaml.load() method. This could allow an attacker with local access to the host to run arbitrary code by running the application with a specially crafted YAML configuration file. This is fixed in version 1.1.21 by using yaml.safe_load() instead of yaml.load().

Related Vulnerabilities

CVE-2021-21349

HIGH
CVSS:8.6(High)

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resourc...

CWE-5022021

CVE-2021-27475

HIGH
CVSS:8.6(High)

Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object t...

CWE-5022021

CVE-2025-1403

HIGH
CVSS:8.6(High)

Qiskit SDK 0.45.0 through 1.2.4 could allow a remote attacker to cause a denial of service using a maliciously crafted QPY file containing a malformed symengine serialization stream which can cause a ...

CWE-5022025

CVE-2021-39150

HIGH
CVSS:8.5(High)

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicl...

CWE-5022021

CVE-2021-39152

HIGH
CVSS:8.5(High)

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicl...

CWE-5022021

CVE-2024-24842

HIGH
CVSS:8.7(High)

Deserialization of Untrusted Data vulnerability in Echo Plugins Knowledge Base for Documentation, FAQs with AI Assistance.This issue affects Knowledge Base for Documentation, FAQs with AI Assistance: ...

CWE-5022024