{"id":"PYSEC-2021-429","details":"SLO generator allows for loading of YAML files that if crafted in a specific format can allow for code execution within the context of the SLO Generator. We recommend upgrading SLO Generator past https://github.com/google/slo-generator/pull/173","aliases":["CVE-2021-22557","GHSA-j28r-j54m-gpc4"],"modified":"2023-11-08T04:05:00.650192Z","published":"2021-10-04T10:15:00Z","references":[{"type":"WEB","url":"https://github.com/google/slo-generator/pull/173"},{"type":"WEB","url":"http://packetstormsecurity.com/files/164426/Google-SLO-Generator-2.0.0-Code-Execution.html"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-j28r-j54m-gpc4"}],"affected":[{"package":{"name":"slo-generator","ecosystem":"PyPI","purl":"pkg:pypi/slo-generator"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.0.1"}]}],"versions":["0.1.0","0.1.1","0.1.2","0.1.3","0.1.4","0.1.5","0.1.6","0.1.7","0.2.0","0.2.1","1.0.0","1.0.1","1.1.0","1.1.1","1.1.2","1.2.0","1.3.0","1.3.1","1.3.2","1.4.0","1.4.1","1.5.0","1.5.1","2.0.0","2.0.0rc0","2.0.0rc2","2.0.0rc3","2.0.0rc4"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/slo-generator/PYSEC-2021-429.yaml"}}],"schema_version":"1.7.3"}