Nameko
1 CVEs
product
Monthly
Nameko through 2.13.0 can be tricked into performing arbitrary code execution when deserializing the config file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Deserialization
RCE
Nameko
NVD
GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2021-41078
PyPI
EPSS 1%
CVSS 7.8
HIGH
POC
PATCH
This Week
Nameko through 2.13.0 can be tricked into performing arbitrary code execution when deserializing the config file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Deserialization
RCE
Nameko
NVD
GitHub