CVE-2021-40146
published 2021-09-11CVE-2021-40146: A Remote Code Execution (RCE) vulnerability was discovered in the Any23 YAMLExtractor.java file and is known to affect Any23 versions < 2.5. RCE…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
A Remote Code Execution (RCE) vulnerability was discovered in the Any23 YAMLExtractor.java file and is known to affect Any23 versions < 2.5. RCE vulnerabilities allow a malicious actor to execute any code of their choice on a remote machine over LAN, WAN, or internet. RCE belongs to the broader class of arbitrary code execution (ACE) vulnerabilities.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | any23 | < 2.5 | 2.5 |
| apache_software_foundation | apache_any23 | >= Apache Any23 < 2.5 | 2.5 |