CVE-2021-3040

Severity CVSS v4.0:
Pending analysis
Type:
CWE-502 Deserialization of Untrusted Dat
Publication date:
10/06/2021
Last modified:
21/06/2021

Description

An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. This issue impacts Checkov 2.0 versions earlier than Checkov 2.0.139. Checkov 1.0 versions are not impacted.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:paloaltonetworks:bridgecrew_checkov:*:*:*:*:*:*:*:* 2.0.0 (including) 2.0.139 (excluding)


References to Advisories, Solutions, and Tools