CVE-2021-24040 is a vulnerability in Facebook ParlAI
Published on September 10, 2021
Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. This issue affects ParlAI prior to v1.1.0.
Weakness Type
What is a Marshaling, Unmarshaling Vulnerability?
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
CVE-2021-24040 has been classified as a Marshaling, Unmarshaling vulnerability or weakness.
Affected Versions
Facebook ParlAI:
- Version 1.1.0 is unaffected.
- Versions below 1.1.0 are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.