7.8

CVE-2021-41078

Exploit
Nameko through 2.13.0 can be tricked into performing arbitrary code execution when deserializing the config file.
Data provided by the National Vulnerability Database (NVD)
Nameko Nameko Version <= 2.13.0
Nameko Nameko Version 3.0.0 Update rc1
Nameko Nameko Version 3.0.0 Update rc2
Nameko Nameko Version 3.0.0 Update rc3
Nameko Nameko Version 3.0.0 Update rc4
Nameko Nameko Version 3.0.0 Update rc5
Nameko Nameko Version 3.0.0 Update rc6
Nameko Nameko Version 3.0.0 Update rc7
Nameko Nameko Version 3.0.0 Update rc8
Nameko Nameko Version 3.0.0 Update rc9
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 1.47% | 0.799
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 7.8 | 1.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov | 6.8 | 8.6 | 6.4 | AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.