{"id":"CVE-2021-40720","details":"Ops CLI version 2.0.4 (and earlier) is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary code execution when the checkout_repo function is called on a maliciously crafted file. An attacker can leverage this to execute arbitrary code on the victim machine.","aliases":["GHSA-x23q-4j9j-9cxw","PYSEC-2021-380"],"modified":"2026-04-10T04:38:20.100783Z","published":"2021-10-15T15:15:08.530Z","references":[{"type":"FIX","url":"https://helpx.adobe.com/security/products/ops_cli/apsb21-88.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/adobe/ops-cli","events":[{"introduced":"0"},{"fixed":"c3c909a6a46f44b692bf6e92f024dea0606eab50"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.0.5"}]}}],"versions":["0.20","0.21","0.25","0.26","0.27","0.28","0.29","0.29-prerelease","0.31","0.32","0.33","0.34","0.35","0.36","1.0","1.1","1.10.0","1.11.0","1.11.1","1.11.10","1.11.11","1.11.12","1.11.2","1.11.3","1.11.4","1.11.5","1.11.6","1.11.7","1.11.8","1.11.9","1.12.0","1.2","1.3","1.4","1.5","1.6","1.7","1.8","1.9","2.0.3","2.0.4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-40720.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}