A Remote Code Execution (RCE) vulnerability was discovered in the Any23 YAMLExtractor.java file and is known to affect Any23 versions < 2.5. RCE vulnerabilities allow a malicious actor to execute any code of their choice on a remote machine over LAN, WAN, or internet. RCE belongs to the broader class of arbitrary code execution (ACE) vulnerabilities.

Affected Packages

Maven org.apache.any23:apache-any23

Affected versions: 0 (fixed in 2.5)

Related CVEs

CVE-2021-40146

Key Information

GHSA ID

GHSA-99px-7724-484v

Published

September 13, 2021 8:06 PM

Last Modified

September 24, 2021 1:10 PM

CVSS Score

9.0 /10

Primary Ecosystem

Maven

Primary Package

org.apache.any23:apache-any23

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 28, 2025 6:37 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.