CVE-2021-33575
First published: Tue May 25 2021(Updated: )
The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Pixar Ruby-jss | <1.6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-33575?
CVE-2021-33575 is a vulnerability in the Pixar ruby-jss gem before version 1.6.0 that allows remote attackers to execute arbitrary code due to the use of Marshal.load during XML document processing.
How can this vulnerability be exploited?
This vulnerability can be exploited by remote attackers to execute arbitrary code by manipulating XML documents processed by the Plist gem.
What is the severity of CVE-2021-33575?
The severity of CVE-2021-33575 is critical, with a CVSS score of 9.8.
Which software versions are affected by this vulnerability?
The Pixar ruby-jss gem versions before 1.6.0 are affected by this vulnerability.
How can I fix this vulnerability?
To fix this vulnerability, it is recommended to update the Pixar ruby-jss gem to version 1.6.0 or newer.
- collector/nvd-index
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/author
- agent/tags
- agent/event
- vendor/pixar
- canonical/pixar ruby-jss