[HackerNews] Code Execution Bug Affects Yamale Python Package — Used by Over 200 Projects

A high-severity code injection vulnerability has been disclosed in 23andMe’s Yamale, a schema and validator for YAML, that could be trivially exploited by adversaries to execute arbitrary Python code.
The flaw, tracked as CVE-2021-38305 (CVSS score: 7.8), involves manipulating the schema file provided as input to the tool to circumvent protections and achieve code execution. Particularly, the 

Source: Read More (The Hacker News)

