Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2023-40023

Good to know:

icon

Date: August 14, 2023

yaklang is a programming language designed for cybersecurity. The Yak Engine has been found to contain a local file inclusion (LFI) vulnerability. This vulnerability allows attackers to include files from the server's local file system through the web application. When exploited, this can lead to the unintended exposure of sensitive data, potential remote code execution, or other security breaches. Users utilizing versions of the Yak Engine prior to 1.2.4-sp1 are impacted. This vulnerability has been patched in version 1.2.4-sp1. Users are advised to upgrade. users unable to upgrade may avoid exposing vulnerable versions to untrusted input and to closely monitor any unexpected server behavior until they can upgrade.

Language: Go

Severity Score

Related Resources (7)

https://nvd.nist.gov/vuln/detail/CVE-2023-40023
https://github.com/yaklang/yaklang
https://mp.weixin.qq.com/s?__biz=Mzg5ODE3NTU1OQ==&mid=2247484236&idx=1&sn=ef0c14a89721800b2311d0e487388399
https://github.com/yaklang/yaklang/security/advisories/GHSA-xvhg-w6qc-m3qq
https://github.com/yaklang/yaklang/pull/296
https://github.com/yaklang/yaklang/pull/295
https://www.mend.io/vulnerability-database/CVE-2023-40023

Severity Score

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Top Fix

icon

Upgrade Version

Upgrade to version github.com/yaklang/yaklang - v1.2.4-sp2

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): NONE

Do you need more information?

Contact Us