JFrog and 23andMe Teamed Up to Address Code Injection Vulnerability

11
JFrog and 23andMe Teamed Up to Address Code Injection Vulnerability-01

JFrog security researchers have collaborated with 23andMe, a biotechnology business, to fix a flaw in Yamale, a tool created by the company and utilized by over 200 repositories. 

According to the JFrog security research team, CVE-2021-38305 lets attackers bypass existing protections and run arbitrary Python code by altering the schema file provided as input to Yamale. 

23andMe Security was notified of a workaround to a patch applied to Yamale, the open-source library established by the firm to verify that YAML files are in the correct format and include all the correct data, according to a 23andMe spokeswoman.

To Read More: ZDNet

For more such updates follow us on Google News ITsecuritywire News