CVE STALKER

CVE-2021-38305

CVSS
DESCRIPTION

23andMe Yamale before 3.0.8 allows remote attackers to execute arbitrary code via a crafted schema file. The schema parser uses eval as part of its processing, and tries to protect from malicious expressions by limiting the builtins that are passed to the eval. When processing the schema, each line is run through Python's eval function to make the validator available. A well-constructed string within the schema rules can execute system commands; thus, by exploiting the vulnerability, an attacker can run arbitrary code on the image that invokes Yamale.

HEAT SCORE

140

TWEETS

DATE | TWEETS | USER
2021-10-09 00:10:22 | A high-severity code execution bug (CVE-2021-38305) affects #Yamale #Python package. #CyberSecurity, #infosec… https://t.co/8RZpNoGsZZ https://twitter.com/i/web/status/1446627225541955592 | twelvesec
2021-10-08 11:30:41 | "RT @TheHackersNews: A high-severity code injection #vulnerability (CVE-2021-38305) has been discovered in 23andMe'… https://t.co/hTHFq5WKYF https://twitter.com/i/web/status/1446437090036789249 | trip_elix
2021-10-08 04:41:20 | A #highseverity code injection #vulnerability (CVE-2021-38305) has been discovered in #23andMe's #Yamale, a schema… https://t.co/OzNeU7muEA https://twitter.com/i/web/status/1446333935382777863 | Cybersec_India
2021-10-07 18:10:17 | A high-severity code injection #vulnerability (CVE-2021-38305) has been discovered in 23andMe's Yamale, a schema an… https://t.co/IMKGNSKFIm https://twitter.com/i/web/status/1446174746907926534 | security_wang
2021-10-07 16:10:28 | A high-severity code injection #vulnerability (CVE-2021-38305) has been discovered in 23andMe's Yamale, a schema an… https://t.co/khtaacOUIZ https://twitter.com/i/web/status/1446144546077872128 | unix_root
2021-10-07 13:12:50 | A high-severity code injection #vulnerability (CVE-2021-38305) has been discovered in 23andMe's Yamale, a schema an… https://t.co/ChNGR4AIKB https://twitter.com/i/web/status/1446099250652270594 | Swati_THN
2021-10-07 12:50:30 | Code execution bug affects Yamale #Python package, used by over 200 projects. (CVE-2021-38305) #security… https://t.co/beLN6VZh1C https://twitter.com/i/web/status/1446095425186975744 | JaxxArmstrong
2021-10-07 12:42:29 | A high-severity code injection #vulnerability (CVE-2021-38305) has been discovered in 23andMe's Yamale, a schema an… https://t.co/82O7o6nb2A https://twitter.com/i/web/status/1446091657833697284 | idsec_
2021-10-07 12:30:45 | A high-severity code injection #vulnerability (CVE-2021-38305) has been discovered in 23andMe's Yamale, a schema an… https://t.co/mBBxwgaC3q https://twitter.com/i/web/status/1446089696052928529 | ChileSobreTodo
2021-10-07 12:12:41 | A high-severity code injection #vulnerability (CVE-2021-38305) has been discovered in 23andMe's Yamale, a schema an… https://t.co/HssCapF9Hq https://twitter.com/i/web/status/1446083021178916865 | hackingcoil
2021-10-07 12:03:02 | A high-severity code injection #vulnerability (CVE-2021-38305) has been discovered in 23andMe's Yamale, a schema an… https://t.co/QoInmK913E https://twitter.com/i/web/status/1446080577514266625 | TheHackersNews
2021-10-07 12:01:28 | "A high-severity code injection #vulnerability (CVE-2021-38305) has been discovered in 23andMe's Yamale, a schema a… https://t.co/62cxFMwr13 https://twitter.com/i/web/status/1446081030604066816 | trip_elix
2021-08-17 21:00:39 | New post from https://t.co/uXvPWJy6tj (CVE-2021-38305 (yamale)) has been published on https://t.co/436d9AkGO0 http://www.sesin.at https://www.sesin.at/2021/08/17/cve-2021-38305-yamale/ | WolfgangSesin
2021-08-17 21:00:28 | New post from https://t.co/9KYxtdZjkl (CVE-2021-38305 (yamale)) has been published on https://t.co/YEtVMhVGba http://www.sesin.at https://www.sesin.at/2021/08/17/cve-2021-38305-yamale/ | www_sesin_at
2021-08-17 19:12:36 | 🚨 NEW: CVE-2021-38305 🚨 23andMe Yamale before 3.0.8 allows remote attackers to execute arbitrary code via a crafted… https://t.co/NDtah5xPKv https://twitter.com/i/web/status/1427706936322035722 | threatintelctr
2021-08-10 14:10:14 | Python - CVE-2021-38305: https://t.co/EDxVG85z1O https://github.com/23andMe/Yamale/releases/tag/3.0.8 | LinInfoSec
2021-08-10 08:00:34 | CVE-2021-38305 23andMe Yamale before 3.0.8 allows remote attackers to execute arbitrary code via a crafted schema f… https://t.co/Fy4unvOsoV https://twitter.com/i/web/status/1424996528977059842 | eyeTSystems
2021-08-10 01:00:10 | CVE-2021-38305 shall henceforth be named Disparate Chalumeau https://t.co/wQR0c5QEFi https://nvd.nist.gov/vuln/detail/CVE-2021-38305 | vulnonym
2021-08-09 23:00:23 | New post from https://t.co/9KYxtdZjkl (CVE-2021-38305) has been published on https://t.co/h501juAKz7 http://www.sesin.at https://www.sesin.at/2021/08/10/cve-2021-38305/ | www_sesin_at
2021-08-09 23:00:22 | New post from https://t.co/uXvPWJy6tj (CVE-2021-38305) has been published on https://t.co/8H83fBmeWg http://www.sesin.at https://www.sesin.at/2021/08/10/cve-2021-38305/ | WolfgangSesin
2021-08-09 21:50:05 | CVE-2021-38305 23andMe Yamale before 3.0.8 allows remote attackers to execute arbitrary code via a crafted schema f… https://t.co/Fy7CfFJ6du https://twitter.com/i/web/status/1424849322043224071 | CVEnew
2021-08-09 21:10:03 | CVE-2021-38305 : 23andMe Yamale before 3.0.8 allows remote attackers to execute arbitrary code via a crafted schema… https://t.co/bU6ShD5jGh https://twitter.com/i/web/status/1424839545091153921 | CVEreport