CVE-2023-40023

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-40023
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-40023.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-40023
Aliases
Published
2023-08-14T20:15:12Z
Modified
2024-08-21T14:41:46.887971Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
[none]
Details

yaklang is a programming language designed for cybersecurity. The Yak Engine has been found to contain a local file inclusion (LFI) vulnerability. This vulnerability allows attackers to include files from the server's local file system through the web application. When exploited, this can lead to the unintended exposure of sensitive data, potential remote code execution, or other security breaches. Users utilizing versions of the Yak Engine prior to 1.2.4-sp1 are impacted. This vulnerability has been patched in version 1.2.4-sp1. Users are advised to upgrade. Users unable to upgrade may avoid exposing vulnerable versions to untrusted input and closely monitor any unexpected server behavior until they can upgrade.

References

Affected packages

Git / github.com/yaklang/yaklang

Affected ranges

Type
GIT
Repo
https://github.com/yaklang/yaklang
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

v1.*

v1.2.0-sp6
v1.2.0-sp7
v1.2.0-sp8
v1.2.1