Abhiram V

4 exploits Active since Sep 2020
CVE-2021-39207 WRITEUP HIGH WRITEUP
ParlAI < 1.1.0 - Remote Code Execution via YAML Deserialization
parlai is a framework for training and evaluating AI models on a variety of openly available dialogue datasets. In affected versions the package is vulnerable to YAML deserialization attack caused by unsafe loading which leads to Arbitary code execution. This security bug is patched by avoiding unsafe loader users should update to version above v1.1.0. If upgrading is not possible then users can change the Loader used to SafeLoader as a workaround. See commit 507d066ef432ea27d3e201da08009872a2f37725 for details.
CVSS 8.4
CVE-2020-7734 EXPLOITDB HIGH text WRITEUP
arachnys/cabot < 0.11.16 - Cross-Site Scripting via Endpoint Column
All versions of package cabot are vulnerable to Cross-site Scripting (XSS) via the Endpoint column.
CVSS 8.2
CVE-2020-25449 EXPLOITDB MEDIUM text WRITEUP
Arachnys Cabot 0.11.12 - Cross-Site Scripting via Address Column
Cross Site Scripting (XSS) vulnerability in Arachnys Cabot 0.11.12 can be exploited via the Address column.
CVSS 4.8
CVE-2021-24040 EXPLOITDB CRITICAL python WORKING POC
ParlAI < 1.1.0 - Remote Code Execution via Unsafe YAML Deserialization
Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. This issue affects ParlAI prior to v1.1.0.
CVSS 9.8