JFrog security researchers have collaborated with 23andMe, a biotechnology business, to fix a flaw in Yamale, a tool created by the company and utilized by over 200 repositories.
According to the JFrog security research team, CVE-2021-38305 lets attackers bypass existing protections and run arbitrary Python code by altering the schema file provided as input to Yamale.
According to a 23andMe spokeswoman, 23andMe Security was notified of a workaround to a patch applied to Yamale, the open-source library the firm created to verify that YAML files are in the correct format and include all the correct data.
To Read More: ZDNet