Lucene search
Veracode Vulnerability DatabaseVERACODE:36235HistoryJul 01, 2022 - 2:03 a.m.
Deserialization Of Untrusted Data
2022-07-0102:03:10
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
0.002 Low
EPSS
Percentile
62.2%
opensearch-ruby is vulnerable to deserialization of untrusted data. The vulnerability exists due to the unsafe deserialization of response.body data in YAML.load functionality in the verify_open_search function of pensearch.rb
| CPE | Name | Operator | Version |
|---|---|---|---|
| opensearch-ruby | le | 2.0.1 | |
| opensearch-ruby | le | 2.0.1 |
References
github.com/opensearch-project/opensearch-ruby/commit/d74a98b45c037671e8819fa87f6a6423458ab08a
github.com/opensearch-project/opensearch-ruby/pull/77
github.com/opensearch-project/opensearch-ruby/pull/82
github.com/opensearch-project/opensearch-ruby/security/advisories/GHSA-977c-63xq-cgw3
staaldraad.github.io/post/2021-01-09-universal-rce-ruby-yaml-load-updated/
Related
cvelist
cvelist
CVE-2022-31115 Unsafe YAML deserialization in opensearch-ruby
2022-06-30 21:55:11
osv
osv
CVE-2022-31115
2022-06-30 22:15:08
opensearch-ruby 2.x before 2.0.2 vulnerable to unsafe YAML deserialization
2022-07-05 20:41:26
cve
cve
CVE-2022-31115
2022-06-30 22:15:08
github
github
opensearch-ruby 2.x before 2.0.2 vulnerable to unsafe YAML deserialization
2022-07-05 20:41:26
nvd
nvd
CVE-2022-31115
2022-06-30 22:15:08
prion
prion
Deserialization of untrusted data
2022-06-30 22:15:00