Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. This issue affects ParlAI prior to v1.1.0.

Affected Packages

PyPI parlai

Affected versions: 0 (fixed in 1.1.0)

Related CVEs

CVE-2021-24040

Key Information

GHSA ID

GHSA-mwgj-7x7j-6966

Published

September 13, 2021 8:06 PM

Last Modified

September 13, 2021 7:29 PM

CVSS Score

5.0 /10

Primary Ecosystem

PyPI

Primary Package

parlai

GitHub Reviewed

✓ Yes

Dataset

Last updated: September 10, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.