{"id":"CVE-2021-34066","details":"An issue was discovered in EdgeGallery/developer before v1.0. There is a \"Deserialization of yaml file\" vulnerability that can allow attackers to execute system command through uploading the malicious constructed YAML file.","modified":"2026-04-12T03:28:03.496057Z","published":"2021-08-30T19:15:08.703Z","references":[{"type":"EVIDENCE","url":"https://github.com/EdgeGallery/developer-be/issues/1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/edgegallery/developer-be","events":[{"introduced":"0"},{"fixed":"b7f7ccbcbf10cbd5d2ce8cf602e287d035dbe3e7"}],"database_specific":{"cpe":"cpe:2.3:a:edgegallery:developer-be:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"1.0"}],"source":"CPE_FIELD"}}],"versions":["Release-v0.9-tag","v0.9-CodeFreeze"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-34066.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}