Unsafe YAML Deserialization in ParlAI Prior to v1.1.0: Remote Code Execution Vulnerability

CVE-2021-24040 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. This issue affects ParlAI prior to v1.1.0.
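A defensive pre-load check for the condition described above, as an added example (not ParlAI's code or its fix): it flags YAML configuration text whose tags resolve into the `tag:yaml.org,2002:python/` namespace, which PyYAML's non-safe loaders turn into Python objects and `yaml.safe_load` rejects. That the files are parsed with PyYAML is an assumption; `find_python_tags` and `SAMPLE` are hypothetical names and the sample is constructed.

```python
import re

# Tag namespace that PyYAML's non-safe loaders map to Python objects.
PY_TAG_URI = "tag:yaml.org,2002:python/"
# Handles every YAML document has without any %TAG directive.
DEFAULT_HANDLES = {"!": "!", "!!": "tag:yaml.org,2002:"}

TAG_DIRECTIVE = re.compile(r"^%TAG\s+(!(?:[0-9A-Za-z-]*!)?)\s+(\S+)")
VERBATIM_TAG = re.compile(r"!<([^>\s]+)>")
SHORTHAND_TAG = re.compile(r"(?<![^\s\[{,])(!(?:[0-9A-Za-z-]*!)?)([^\s,\[\]{}]+)")


def find_python_tags(text):
    """Return (line_number, resolved_tag) for each tag in the python/ namespace.

    Purely textual: tags inside comments or quoted strings are reported too,
    so the check errs towards false positives rather than misses.
    """
    lines = text.splitlines()
    declared = {}  # handle -> prefixes from %TAG directives anywhere in the file
    for line in lines:
        m = TAG_DIRECTIVE.match(line)
        if m:
            declared.setdefault(m.group(1), set()).add(m.group(2))
    findings = []
    for number, line in enumerate(lines, start=1):
        if line.startswith("%"):  # directive line, not document content
            continue
        candidates = [m.group(1) for m in VERBATIM_TAG.finditer(line)]
        for m in SHORTHAND_TAG.finditer(line):
            handle, suffix = m.groups()
            # Try the default meaning and every declared remapping of the handle.
            prefixes = set(declared.get(handle, ()))
            if handle in DEFAULT_HANDLES:
                prefixes.add(DEFAULT_HANDLES[handle])
            candidates += [p + suffix for p in prefixes]
        findings += [(number, c) for c in sorted(set(candidates))
                     if c.startswith(PY_TAG_URI)]
    return findings


# Constructed sample config; the tagged callables are deliberately harmless.
SAMPLE = """\
%TAG !py! tag:yaml.org,2002:python/
---
model: transformer
batchsize: !!int 16
metric: !!python/name:builtins.len
hook: !py!object/apply:time.time []
loader: !<tag:yaml.org,2002:python/name:builtins.len>
"""
```

A hit means the file should not reach any loader other than the safe one; the scan complements switching to `yaml.safe_load` and does not replace it.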
