CVE-2021-22557: Code Injection in SLO Generator
SLO Generator allows loading of YAML files that, if crafted in a specific format, can allow code execution within the context of SLO Generator. We recommend upgrading SLO Generator past https://github.com/google/slo-generator/pull/173.
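An added example, not code from SLO Generator or from this advisory: a standard-library lint that flags language-specific YAML tags in config files before they reach a loader. It assumes the PyYAML-style `python/` tag family, which the advisory does not name; `find_unsafe_tags`, `unquoted` and the sample config are hypothetical.

```python
import re

# Assumption: PyYAML-style "python/" tags; the advisory does not name the tags.
PY_TAG = re.compile(r"(?:!!|!<tag:yaml\.org,2002:)python/[\w./:]+")
TAG_DIRECTIVE = re.compile(r"^%TAG\s+(\S+)\s+(\S*python\S*)")

# Constructed sample; the tag used only references a name and calls nothing.
SAMPLE = """\
service_name: checkout   # plain config line
note: "mentions !!python/name:x inside a quoted string"
backend: !!python/name:builtins.len
exporter: !<tag:yaml.org,2002:python/name:builtins.len>
"""


def unquoted(line):
    """Return the line without quoted scalars and without a trailing comment."""
    out, quote, i = [], None, 0
    while i < len(line):
        ch = line[i]
        starts_token = i == 0 or line[i - 1].isspace() or line[i - 1] in "[{,:"
        if quote:
            if (quote == '"' and ch == "\\") or (quote == "'" and line[i:i + 2] == "''"):
                i += 1  # skip the escaped character
            elif ch == quote:
                quote = None
        elif ch in "'\"" and starts_token:
            quote = ch
        elif ch == "#" and (i == 0 or line[i - 1].isspace()):
            break
        else:
            out.append(ch)
        i += 1
    return "".join(out)


def find_unsafe_tags(text):
    """Return (line_number, finding) for each language-specific tag or handle."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = unquoted(raw)
        directive = TAG_DIRECTIVE.match(line)
        if directive:
            findings.append((n, "%TAG " + directive.group(1)))
            continue
        findings.extend((n, m.group(0)) for m in PY_TAG.finditer(line))
    return findings


if __name__ == "__main__":
    for lineno, tag in find_unsafe_tags(SAMPLE):
        print(f"line {lineno}: {tag}")
```

The scan is line-based and treats block scalars as ordinary lines, so it can over-report; it is a check to run alongside the upgrade, not in place of it.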
References
- github.com/advisories/GHSA-j28r-j54m-gpc4
- github.com/google/slo-generator/commit/36318beab1b85d14bb860e45bea186b184690d5d
- github.com/google/slo-generator/pull/173
- github.com/google/slo-generator/releases/tag/v2.0.1
- github.com/pypa/advisory-database/tree/main/vulns/slo-generator/PYSEC-2021-429.yaml
- nvd.nist.gov/vuln/detail/CVE-2021-22557