CVE-2021-24040

Deserialization of Untrusted Data in pypi/parlai

Identifiers

CVE-2021-24040, GHSA-m87f-9fvv-2mgg

Package Slug

pypi/parlai

Vulnerability

Deserialization of Untrusted Data

Description

Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks.
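A check for the pattern described above, added here as an example and not taken from the advisory or the ParlAI code base: it walks a Python file's AST and reports YAML load calls that do not use a safe loader. It assumes the YAML library is PyYAML imported as `yaml` (the advisory does not name the library); the sample input is constructed.

```python
import ast

# Assumption: PyYAML. These loaders only build plain types (str, int, list, dict, ...).
SAFE_LOADERS = {"SafeLoader", "CSafeLoader", "BaseLoader", "CBaseLoader"}
LOAD_FUNCS = {"load", "load_all"}
ALWAYS_UNSAFE = {"unsafe_load", "unsafe_load_all"}


def _loader_name(call):
    """Return the Loader argument's name (keyword or 2nd positional), or None."""
    node = next((kw.value for kw in call.keywords if kw.arg == "Loader"), None)
    if node is None and len(call.args) >= 2:
        node = call.args[1]
    return getattr(node, "attr", None) or getattr(node, "id", None)


def find_unsafe_yaml_calls(source, filename="<string>"):
    """Return (line, reason) for each yaml.* call that may build arbitrary objects."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        func = node.func
        if not (isinstance(func.value, ast.Name) and func.value.id == "yaml"):
            continue
        if func.attr in ALWAYS_UNSAFE:
            findings.append((node.lineno, f"yaml.{func.attr}()"))
        elif func.attr in LOAD_FUNCS:
            # Anything other than a Safe/Base loader is reported for review.
            loader = _loader_name(node)
            if loader not in SAFE_LOADERS:
                findings.append((node.lineno, f"yaml.{func.attr}() with Loader={loader}"))
    return sorted(findings)


# Constructed sample, not ParlAI code.
SAMPLE = '''import yaml
cfg = yaml.load(open("opts.yaml"))
cfg = yaml.load(open("opts.yaml"), Loader=yaml.Loader)
cfg = yaml.load(open("opts.yaml"), Loader=yaml.SafeLoader)
cfg = yaml.safe_load(open("opts.yaml"))
docs = yaml.unsafe_load_all(open("opts.yaml"))
'''

if __name__ == "__main__":
    for line, reason in find_unsafe_yaml_calls(SAMPLE):
        print(f"line {line}: {reason}")
```

The scanner only matches calls made through the module name `yaml`; aliased imports such as `from yaml import load` need a separate pass.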

Affected Versions

All versions before 1.1.0

Solution

Upgrade to version 1.1.0 or above.

Last Modified

2021-09-24
