Tag
high
advisory
Sentry 8.2.0 Remote Code Execution via Pickle Deserialization (CVE-2021-47935)
2 rules 1 TTP 1 CVESentry 8.2.0 contains a remote code execution vulnerability (CVE-2021-47935) that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter via crafted POST requests to the admin audit log endpoint.
Sentry 8.2.0
rce
pickle
deserialization
sentry
2r
1t
1c
critical
advisory
pyLoad Arbitrary Code Execution via Malicious Session Deserialization
2 rules 4 TTPs 1 CVE 2 IOCspyLoad is vulnerable to arbitrary code execution via an unprotected `storage_folder` configuration option, allowing an attacker with `SETTINGS` and `ADD` permissions to write a malicious pickle payload to the Flask session store and execute arbitrary code upon subsequent HTTP requests.
pyLoad
rce
pickle
deserialization
webserver
2r
4t
1c
2i