PyPi: Ait-Core

CVE-2024-35060

Safety vulnerability ID: 71244

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at May 21, 2024 Updated at Nov 29, 2024

Scan your Python projects for vulnerabilities →

Advisory

An issue in the YAML Python library of NASA AIT-Core allows attackers to execute arbitrary commands via supplying a crafted YAML file.

Affected package

ait-core

Latest version: 2.5.2

NASA JPL's Ground Data System toolkit for Instrument and CubeSat Missions

Affected versions

Fixed versions

Vulnerability changelog

An issue in the YAML Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands via supplying a crafted YAML file. See CVE-2024-35060.

CONFIRM:https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze: https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application