CVE-2021-33575: Critical severity Pixar ruby-jss vulnerability
The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing.
Frequently Asked Questions
What is CVE-2021-33575?
CVE-2021-33575 is a vulnerability in the Pixar ruby-jss gem before version 1.6.0 that allows remote attackers to execute arbitrary code due to the use of Marshal.load during XML document processing.
How can this vulnerability be exploited?
Remote attackers can exploit this vulnerability to execute arbitrary code by manipulating the XML documents that the Plist gem processes.
What is the severity of CVE-2021-33575?
The severity of CVE-2021-33575 is critical, with a CVSS score of 9.8.
Which software versions are affected by this vulnerability?
The Pixar ruby-jss gem versions before 1.6.0 are affected by this vulnerability.
How can I fix this vulnerability?
To fix this vulnerability, update the Pixar ruby-jss gem to version 1.6.0 or newer.
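To confirm that a project has actually picked up the fix, check the version Bundler resolved rather than the constraint in the Gemfile. The following is an added example, not code from this page or from the ruby-jss project: it reads Gemfile.lock text and reports whether any resolved ruby-jss version sorts before 1.6.0. The function names and the sample lockfile are constructed for illustration.

```ruby
require 'rubygems' # provides Gem::Version for correct version ordering

# First fixed release according to this page.
FIXED_VERSION = Gem::Version.new('1.6.0')

# Return every resolved ruby-jss version found in Gemfile.lock text.
# Resolved specs sit at exactly four spaces: "    name (version)".
# Dependency constraints sit deeper ("      ruby-jss (~> 1.5)") and
# are skipped, because they do not say what was installed.
def ruby_jss_versions(lockfile_text)
  lockfile_text.each_line.filter_map do |line|
    m = line.match(/\A {4}ruby-jss \(([^)\s]+)\)\s*\z/)
    next unless m
    Gem::Version.new(m[1]) if Gem::Version.correct?(m[1])
  end
end

# :affected -> at least one resolved version sorts before 1.6.0
#              (pre-releases such as 1.6.0.b1 count as before 1.6.0)
# :fixed    -> ruby-jss is present and every version is >= 1.6.0
# :absent   -> ruby-jss does not appear among the resolved specs
def audit_lockfile(lockfile_text)
  versions = ruby_jss_versions(lockfile_text)
  return :absent if versions.empty?
  versions.any? { |v| v < FIXED_VERSION } ? :affected : :fixed
end

# Constructed sample lockfile, not a real dependency resolution.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      plist (3.5.0)
      ruby-jss (1.5.3)
        plist (>= 0)

  DEPENDENCIES
    ruby-jss
LOCK

# Usage: ruby audit_ruby_jss.rb path/to/Gemfile.lock [more lockfiles...]
if __FILE__ == $PROGRAM_NAME
  ARGV.each { |path| puts "#{path}: #{audit_lockfile(File.read(path))}" }
end
```

Run it over every Gemfile.lock in a repository or deployment image; a result of `affected` means the project still resolves a ruby-jss release older than 1.6.0.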