CVE-2021-40720P2CRITICALCVSS 9.8fixed in 2.0.5·≥ unspecified, ≤ 2.0.42021-10-15
CVE-2021-40720 [CRITICAL] CWE-502 CVE-2021-40720: Ops CLI version 2.0.4 (and earlier) is affected by a Deserialization of Untrusted Data vulnerability
Ops CLI version 2.0.4 (and earlier) is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary code execution when the checkout_repo function is called on a maliciously crafted file. An attacker can leverage this to execute arbitrary code on the victim machine.
ghsanvdosv