GHSA-8278-88vv-x98r

GitHub Security Advisory

Execution of untrusted code through config file

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

### Impact
It is possible to run arbitrary commands through the `yaml.load()` method. This could allow an attacker with local access to the host to run arbitrary code by running the application with a specially crafted YAML configuration file.

### Workarounds
Manually change calls to `yaml.load()` to `yaml.safe_load()`.
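
To find the call sites that need this change, a static check can walk the Python AST and report every `yaml.load()` or `yaml.load_all()` call that does not pass a safe loader. This is an added example, not code from tenable-jira-cloud; `SAMPLE` is constructed input, and the checker assumes PyYAML is imported under the name `yaml`.

```python
import ast

# Loaders that build only plain YAML types; anything else is reported.
SAFE_LOADERS = {"SafeLoader", "CSafeLoader", "BaseLoader", "CBaseLoader"}

def _loader_name(call):
    """Name passed as Loader (2nd positional or keyword), or None if absent."""
    node = call.args[1] if len(call.args) >= 2 else None
    for kw in call.keywords:
        if kw.arg == "Loader":
            node = kw.value
    if isinstance(node, ast.Attribute):
        return node.attr          # yaml.SafeLoader -> "SafeLoader"
    if isinstance(node, ast.Name):
        return node.id            # SafeLoader imported by name
    return None if node is None else "<expression>"

def find_unsafe_yaml_loads(source, filename="<constructed>"):
    """Return sorted (line, reason) pairs for yaml.load()/load_all() calls
    that do not pass a safe Loader. Assumes PyYAML is imported as `yaml`."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Call):
            continue
        f = node.func
        if not (isinstance(f, ast.Attribute) and f.attr in ("load", "load_all")
                and isinstance(f.value, ast.Name) and f.value.id == "yaml"):
            continue
        loader = _loader_name(node)
        if loader is None:
            findings.append((node.lineno, "no Loader given; use yaml.safe_load()"))
        elif loader not in SAFE_LOADERS:
            findings.append((node.lineno, f"Loader={loader} is not a safe loader"))
    return sorted(findings)

# Constructed sample source; it is only parsed here, never executed.
SAMPLE = '''\
import yaml
config = yaml.load(open("config.yaml"))
legacy = yaml.load(text, Loader=yaml.Loader)
ok_one = yaml.load(text, Loader=yaml.SafeLoader)
ok_two = yaml.safe_load(text)
'''

if __name__ == "__main__":
    for line, reason in find_unsafe_yaml_loads(SAMPLE):
        print(f"line {line}: {reason}")
```

Calls made through an alias (`import yaml as y`) or a bare `from yaml import load` are outside what this check matches and need a separate search.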

### For more information
If you have any questions or comments about this advisory:
* Open an issue in [tenable/integration-jira-cloud](https://github.com/tenable/integration-jira-cloud/issues)
* Email us at [[email protected]](mailto:[email protected])

Affected Packages

PyPI tenable-jira-cloud
Affected versions: 0 (fixed in 1.1.21)

Related CVEs

Key Information

GHSA ID: GHSA-8278-88vv-x98r
Published: March 10, 2021 9:51 PM
Last Modified: October 27, 2024 3:38 PM
CVSS Score: 5.0/10
Primary Ecosystem: PyPI
Primary Package: tenable-jira-cloud
GitHub Reviewed: ✓ Yes

Dataset

Last updated: August 11, 2025 6:32 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.