CVE-2021-40720: Ops CLI Deserialization of Untrusted Data vulnerability

May 24, 2022 (updated October 7, 2024)

Ops CLI version 2.0.4 (and earlier) is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary code execution when the checkout_repo function is called on a maliciously crafted file. An attacker can leverage this to execute arbitrary code on the victim machine.

References

github.com/adobe/ops-cli
github.com/advisories/GHSA-x23q-4j9j-9cxw
github.com/pypa/advisory-database/tree/main/vulns/ops-cli/PYSEC-2021-380.yaml
helpx.adobe.com/security/products/ops_cli/apsb21-88.html
nvd.nist.gov/vuln/detail/CVE-2021-40720

Code Behaviors & Features

Detect and mitigate CVE-2021-40720 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →