CVE-2021-24040
published 2021-09-10


Priority: P2 (73) · critical · CVSS 3.1 base score 9.8
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Exploit: EPSS 17.35% (96.7th percentile)
Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. This issue affects ParlAI prior to v1.1.0.

Affected (5 ranges)

Vendor    Product  Version range                                      Fixed in
facebook  parlai   < 1.1.0                                            1.1.0
facebook  parlai   < 4374fa2aba383db6526ab36e939eb1cf8ef99879         4374fa2aba383db6526ab36e939eb1cf8ef99879
facebook  parlai   >= 0 < 1.1.0                                       1.1.0
facebook  parlai   >= 0 < 507d066ef432ea27d3e201da08009872a2f37725    507d066ef432ea27d3e201da08009872a2f37725
facebook  parlai   >= unspecified < 1.1.0                             1.1.0

Detection & IOCs (extracted from sources)

filename: config.yml
  • Monitor calls to 'parlai.chat_service.utils.config.parse_configuration_file()' with externally supplied or user-writable YAML files; this is the vulnerable code path.
  • Alert on YAML configuration files containing '__import__' or 'os.system' strings, which indicate attempted code injection via PyYAML's unsafe load. Plain-string matches are a weak signal; the reliable indicator is a PyYAML constructor tag such as '!!python/object/apply:', which is what actually triggers object construction in an unsafe loader and which 'yaml.safe_load()' rejects.
  • The vulnerability requires an attacker to have write access to the local YAML configuration files used by ParlAI; it is not directly remotely exploitable without this prerequisite. Note that the NVD v3.1 vector recorded below nonetheless scores it AV:N/PR:N.
  • Only ParlAI versions prior to v1.1.0 are affected; upgrading to v1.1.0 or later fixes the issue.
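The detection notes above reduce to a file scan, so the following is an added example of one (it is not ParlAI's code and not taken from any of the sources). It goes beyond the two literal strings listed: it also flags the PyYAML constructor tags ('!!python/object/apply:', '!!python/object/new:', '!!python/name:', '!!python/module:' and the long 'tag:yaml.org,2002:python/' form) that an unsafe 'yaml.load()' turns into Python calls, and which 'yaml.safe_load()' refuses with a ConstructorError. The sample configs, key names and payloads are constructed for illustration; the scanner needs only the standard library, so it does not depend on PyYAML being installed.

```python
"""Scan ParlAI-style YAML config files for PyYAML code-execution payloads.

Added example, not ParlAI's own code. All sample configs and payloads
below are constructed for illustration.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from pathlib import Path

# PyYAML-specific tags that the full/unsafe Loader resolves into Python
# object construction, attribute lookup or module import. Any of these in
# a config fed to yaml.load() is a red flag; yaml.safe_load() rejects them.
PYTHON_TAG = re.compile(
    r"(!!python/(?:object(?:/apply|/new)?|name|module)\b)"
    r"|(tag:yaml\.org,2002:python/)"
)

# Plain-string indicators from the detection notes. Cheap, but not proof of
# an attack on their own (a legitimate value could mention os.system), so
# they are reported at lower severity than a constructor tag.
STRING_INDICATORS = ("__import__", "os.system", "subprocess.", "builtins.eval")


@dataclass(frozen=True)
class Finding:
    line_no: int
    severity: str   # "high" for constructor tags, "medium" for indicator strings
    reason: str
    text: str


def scan_yaml_text(text: str) -> list[Finding]:
    """Return one Finding per suspicious line, in line order."""
    findings: list[Finding] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # comments never reach the constructor machinery
        if (m := PYTHON_TAG.search(line)):
            findings.append(Finding(line_no, "high",
                                    f"PyYAML constructor tag {m.group(0)}", line))
            continue  # one finding per line is enough
        for needle in STRING_INDICATORS:
            if needle in line:
                findings.append(Finding(line_no, "medium",
                                        f"indicator string {needle!r}", line))
                break
    return findings


def scan_yaml_file(path: str | Path) -> list[Finding]:
    """Scan a config file on disk (path is whatever your deployment uses)."""
    return scan_yaml_text(Path(path).read_text(encoding="utf-8"))


# Constructed sample inputs (not captured from any real incident).
BENIGN_CONFIG = """\
# chat service config for a demo bot
world_path: parlai.chat_service.tasks.chatbot.worlds
overworld: MessengerOverworld
max_workers: 30
"""

MALICIOUS_CONFIG = """\
world_path: parlai.chat_service.tasks.chatbot.worlds
# the next two values are executed, not parsed, by an unsafe yaml.load()
overworld: !!python/object/apply:os.system ["id > /tmp/pwned"]
max_workers: !!python/object/apply:subprocess.check_output [["whoami"]]
extra: "__import__('os').system('true')"
"""

if __name__ == "__main__":
    for label, cfg in (("benign", BENIGN_CONFIG), ("malicious", MALICIOUS_CONFIG)):
        hits = scan_yaml_text(cfg)
        print(f"{label}: {len(hits)} finding(s)")
        for f in hits:
            print(f"  line {f.line_no} [{f.severity}] {f.reason}: {f.text}")
```

Run it over the config.yml named above (or any directory of ParlAI configs) from a cron job or a file-integrity hook on the config directory; a "high" finding on a file that is about to be passed to parse_configuration_file() is the event worth paging on, while "medium" findings are better triaged than alerted.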

CVSS provenance

Source  Version  Score  Severity  Vector
nvd     v3.1     9.8    CRITICAL  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd     v2.0     7.5    HIGH      AV:N/AC:L/Au:N/C:P/I:P/A:P