CVE-2021-3035
6.7
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
Summary
An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. This issue impacts Checkov 2.0 versions earlier than Checkov 2.0.26. Checkov 1.0 versions are not impacted.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Palo Alto Networks | Bridgecrew Checkov | 1.0 all | unaffected |
| Palo Alto Networks | Bridgecrew Checkov | 2.0 < 2.0.26 | affected |
Weaknesses
- CWE-502: CWE-502 Deserialization of Untrusted Data
Workarounds
Do not run Checkov on terraform files from untrusted sources or pull requests.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.