{"id":"GHSA-j28r-j54m-gpc4","summary":"Code Injection in SLO Generator","details":"SLO Generator allows loading YAML files that, if crafted in a specific format, can lead to code execution within the context of SLO Generator. We recommend upgrading SLO Generator past https://github.com/google/slo-generator/pull/173","aliases":["CVE-2021-22557","PYSEC-2021-429"],"modified":"2024-10-22T17:00:32.927276Z","published":"2021-10-05T17:53:59Z","database_specific":{"severity":"MODERATE","github_reviewed":true,"nvd_published_at":"2021-10-04T10:15:00Z","cwe_ids":["CWE-78","CWE-94"],"github_reviewed_at":"2021-10-05T16:01:42Z"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22557"},{"type":"WEB","url":"https://github.com/google/slo-generator/pull/173"},{"type":"WEB","url":"https://github.com/google/slo-generator/commit/36318beab1b85d14bb860e45bea186b184690d5d"},{"type":"WEB","url":"https://github.com/google/slo-generator/releases/tag/v2.0.1"},{"type":"WEB","url":"https://github.com/pypa/advisory-database/tree/main/vulns/slo-generator/PYSEC-2021-429.yaml"},{"type":"PACKAGE","url":"https://github.com/google/slo-generator"},{"type":"WEB","url":"http://packetstormsecurity.com/files/164426/Google-SLO-Generator-2.0.0-Code-Execution.html"}],"affected":[{"package":{"name":"slo-generator","ecosystem":"PyPI","purl":"pkg:pypi/slo-generator"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.0.1"}]}],"versions":["0.1.0","0.1.1","0.1.2","0.1.3","0.1.4","0.1.5","0.1.6","0.1.7","0.2.0","0.2.1","1.0.0","1.0.1","1.1.0","1.1.1","1.1.2","1.2.0","1.3.0","1.3.1","1.3.2","1.4.0","1.4.1","1.5.0","1.5.1","2.0.0","2.0.0rc0","2.0.0rc2","2.0.0rc3","2.0.0rc4"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/10/GHSA-j28r-j54m-gpc4/GHSA-j28r-j54m-gpc4.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}]}