Description

yaklang is a programming language designed for cybersecurity. The Yak Engine has been found to contain a local file inclusion (LFI) vulnerability. This vulnerability allows attackers to include files from the server's local file system through the web application. When exploited, this can lead to the unintended exposure of sensitive data, potential remote code execution, or other security breaches. Users utilizing versions of the Yak Engine prior to 1.2.4-sp1 are impacted. This vulnerability has been patched in version 1.2.4-sp1. Users are advised to upgrade. users unable to upgrade may avoid exposing vulnerable versions to untrusted input and to closely monitor any unexpected server behavior until they can upgrade.

Related CPE's

a

yaklang

yaklang

26

References

https://github.com/yaklang/yaklang/pull/295

Patch

https://github.com/yaklang/yaklang/pull/296

Patch

https://github.com/yaklang/yaklang/security/advisories/GHSA-xvhg-w6qc-m3qq

Third Party Advisory

Weaknesses

[email protected]

Primary
NVD-CWE-Other

[email protected]

Secondary
CWE-200

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2023-08-14T20:15:12.530

11 months ago

Last modified

2023-08-21T18:10:59.167

11 months ago