CVE-2021-22557

MEDIUM

Google Slo Generator < 2.0.1 - Code Injection

Title source: rule

Description

SLO generator allows for loading of YAML files that if crafted in a specific format can allow for code execution within the context of the SLO Generator. We recommend upgrading SLO Generator past https://github.com/google/slo-generator/pull/173

Exploits (1)

exploitdb WORKING POC VERIFIED

by Kiran Ghimire · textlocallinux

https://www.exploit-db.com/exploits/50385

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/164426/Google-SLO-Generator-2.0.0-Code-Execution.html

[Exploit, Patch, Third Party Advisory] https://github.com/google/slo-generator/pull/173

Scores

CVSS v3 5.3

EPSS 0.0054

EPSS Percentile 67.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-78 CWE-94

Status published

Products (2)

google/slo_generator < 2.0.1

pypi/slo-generator 0 - 2.0.1PyPI

Published Oct 04, 2021

Tracked Since Feb 18, 2026