[HackerNews] Code Execution Bug Affects Yamale Python Package — Used by Over 200 Projects

A high-severity code injection vulnerability has been disclosed in 23andMe’s Yamale, a schema and validator for YAML, that could be trivially exploited by adversaries to execute arbitrary Python code.
The flaw, tracked as CVE-2021-38305 (CVSS score: 7.8), involves manipulating the schema file provided as input to the tool to circumvent protections and achieve code execution. Particularly, the 

Source: Read More (The Hacker News)

You might be interested in …

[HackerNews] Russia bans VyprVPN, Opera VPN services for not complying with blacklist request

All posts, HackerNews

Russia’s telecommunications and media regulator Roskomnadzor (RKN) on Thursday introduced restrictions on the operation of VyprVPN and Opera VPN services in the country. “In accordance with the regulation on responding to threats to circumvent restrictions on access to child pornography, suicidal, pro-narcotic and other prohibited content, restrictions on the use of VPN services VyprVPN and […]

Read More

[ESET] Global police shut down VPN service favored by cybercriminals

All posts, ESET feed

A global operation takes down the infrastructure of DoubleVPN and seizes data about its customers The post Global police shut down VPN service favored by cybercriminals appeared first on WeLiveSecurity Source: Read More (WeLiveSecurity)

Read More

[ThreatPost] REvil Ransomware Ground Down JBS: Sources

All posts, ThreatPost

Responsible nations don’t harbor cybercrooks, the Biden administration admonished Russia, home to the gang that reportedly froze the global food distributor’s systems. Source: Read More (Threatpost)

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.