OISF suricata-update version 1.0.0a1 contains an insecure deserialization vulnerability in its use of the unsafe yaml.load function in the following files:,, and The “list-sources” command is affected by this bug, which can result in remote code execution (even as root if suricata-update is called by root). This attack appears to be exploitable via a specially crafted YAML file at This vulnerability appears to have been fixed in 1.0.0b1. (CVSS:0.0) (Last Update:2018-04-18)

