CVE-2021-3040

Published: Jun 10, 2021Modified: Nov 21, 2024

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. This issue impacts Checkov 2.0 versions earlier than Checkov 2.0.139. Checkov 1.0 versions are not impacted.

Affected (1)

Products: Paloaltonetworks: Bridgecrew Checkov

Paloaltonetworks

1 product

Bridgecrew Checkov

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Paloaltonetworks Bridgecrew Checkov	From 2.0.0 to 2.0.139

Related CWEs

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (2)

https://security.paloaltonetworks.com/CVE-2021-3040

Source: psirt@paloaltonetworks.com

Vendor Advisory

https://security.paloaltonetworks.com/CVE-2021-3040

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.