Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:31917
HistorySep 02, 2021 - 10:26 a.m.

Untrusted Code Deserialization

2021-09-0210:26:31
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
rundeck
deserialization
vulnerability
exploit
malicious file
remote code

EPSS

0.001

Percentile

43.7%

JSON

rundeck is vulnerable to deserialization attack. An attacker is able to exploit the vulnerability by uploading a maliciously crafted aclpolicy yaml file to the server which will deserialise run the remote code when a user makes a POST request to it.

Related

osv 2
cvelist 1
nvd 1
cve 1
cnvd 1
prion 1
github 1
osv
osv
CVE-2021-39132
2021-08-30 20:15:07
YAML deserialization can run untrusted code
2021-09-01 18:27:01
cvelist
cvelist
CVE-2021-39132 YAML deserialization can run untrusted code
2021-08-30 19:35:10
nvd
nvd
CVE-2021-39132
2021-08-30 20:15:07
cve
cve
CVE-2021-39132
2021-08-30 20:15:07
cnvd
cnvd
Rundeck code issue vulnerability
2021-09-01 00:00:00
prion
prion
Authentication flaw
2021-08-30 20:15:00
github
github
YAML deserialization can run untrusted code
2021-09-01 18:27:01

EPSS

0.001

Percentile

43.7%

JSON
Related for VERACODE:31917
osv2cvelist1nvd1cve1cnvd1prion1github1