First published: Tue May 21 2024(Updated: )
An issue in the YAML Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands via supplying a crafted YAML file.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
NASA AIT-Core | ||
PyYAML |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-35060 is considered to have a high severity due to its potential for remote code execution.
To fix CVE-2024-35060, update the YAML Python library to the latest version to mitigate the vulnerability.
CVE-2024-35060 allows attackers to execute arbitrary commands by supplying a crafted YAML file.
NASA AIT-Core v2.5.2 is specifically affected by CVE-2024-35060.
Yes, the Python YAML library is vulnerable to CVE-2024-35060 when used in conjunction with affected software.