CVE-2023-40023

EPSS 0.16%
Published 14.08.2023 20:15:12
Last modified 21.11.2024 08:18:31
Source security-advisories@github.com
Teams watchlist Login
Open Login

yaklang is a programming language designed for cybersecurity. The Yak Engine has been found to contain a local file inclusion (LFI) vulnerability. This vulnerability allows attackers to include files from the server's local file system through the web application. When exploited, this can lead to the unintended exposure of sensitive data, potential remote code execution, or other security breaches. Users utilizing versions of the Yak Engine prior to 1.2.4-sp1 are impacted. This vulnerability has been patched in version 1.2.4-sp1. Users are advised to upgrade. users unable to upgrade may avoid exposing vulnerable versions to untrusted input and to closely monitor any unexpected server behavior until they can upgrade.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Yaklang ≫ Yaklang Version1.2.0 Updatesp6

Yaklang ≫ Yaklang Version1.2.0 Updatesp7

Yaklang ≫ Yaklang Version1.2.0 Updatesp8

Yaklang ≫ Yaklang Version1.2.1 Update-

Yaklang ≫ Yaklang Version1.2.1 Updatesp1

Yaklang ≫ Yaklang Version1.2.1 Updatesp2

Yaklang ≫ Yaklang Version1.2.1 Updatesp3

Yaklang ≫ Yaklang Version1.2.1 Updatesp4

Yaklang ≫ Yaklang Version1.2.1 Updatesp5

Yaklang ≫ Yaklang Version1.2.1 Updatesp6

Yaklang ≫ Yaklang Version1.2.1 Updatesp7

Yaklang ≫ Yaklang Version1.2.1 Updatesp8

Yaklang ≫ Yaklang Version1.2.1 Updatesp9

Yaklang ≫ Yaklang Version1.2.2 Update-

Yaklang ≫ Yaklang Version1.2.2 Updatesp1

Yaklang ≫ Yaklang Version1.2.2 Updatesp2

Yaklang ≫ Yaklang Version1.2.2 Updatesp3

Yaklang ≫ Yaklang Version1.2.2 Updatesp4

Yaklang ≫ Yaklang Version1.2.2 Updatesp5

Yaklang ≫ Yaklang Version1.2.2 Updatesp6

Yaklang ≫ Yaklang Version1.2.2 Updatesp7

Yaklang ≫ Yaklang Version1.2.3 Update-

Yaklang ≫ Yaklang Version1.2.3 Updatesp1

Yaklang ≫ Yaklang Version1.2.3 Updatesp2

Yaklang ≫ Yaklang Version1.2.3 Updatesp3

Yaklang ≫ Yaklang Version1.2.4 Update-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.16%	0.375

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
security-advisories@github.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://github.com/yaklang/yaklang/pull/295

Patch

https://github.com/yaklang/yaklang/pull/296

Patch

https://github.com/yaklang/yaklang/security/advisories/GHSA-xvhg-w6qc-m3qq

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-40023

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-40023

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-40023

EUVD