CVE-2021-3035

Summary

An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. This issue impacts Checkov 2.0 versions earlier than Checkov 2.0.26. Checkov 1.0 versions are not impacted.

Affected Software

VendorProductVersion RangeStatus
Palo Alto NetworksBridgecrew Checkov1.0 allunaffected
Palo Alto NetworksBridgecrew Checkov2.0 < 2.0.26affected

Weaknesses

  • CWE-502: CWE-502 Deserialization of Untrusted Data

Workarounds

Do not run Checkov on terraform files from untrusted sources or pull requests.

ADP Enrichment

CVE Program Container

Additional References

References