What is Adobe Ops-cli?
Adobe’s Ops-cli component is a Python (programming language) ‘wrapper‘ -powerful, useful tools also known as ‘decorators’ in the community that gives developers the ability to modify functions and classes in a software library or computer program. Adobe’s Ops-cli wrapper works with Terraform, Ansible and is designed for cloud computing automation. Wrappers or decorators are very useful because “they allow the extension of an existing function, without any modification to the original function source code.” The component is able to remove duplicated code and is very practical for multiple environments such as sandbox, stage, prod as well as across teams -meaning that it is an essential tool when it comes to Kubernetes and AWS deployments.
The Critical Software Vulnerability
Adobe’s Security Bulletin released a critical software vulnerability report on October 12th, 2021 that is related to the Adobe ops-cli component. The software vulnerability (CVE-2021-40720) affecting the component is a ‘Deserialization of Untrusted Data’ flaw.
Technical Details
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to insecure input validation when processing serialized data, thus a remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system. Successful exploitation of this vulnerability may result in the complete compromise of a vulnerable system.
Vulnerable Software Versions
Version 2.0.4 and earlier are at risk. The complete list of the versions of Adobe’s ops-cli component that are vulnerable to the above risk is as follows; ops-cli: 0.20, 0.21, 0.22, 0.23, 0.24, 0.25, 0.26, 0.27, 0.28, 0.29, 0.30, 0.31, 0.32, 0.33, 0.34, 0.35, 0.36, 1.0, 1.1, 1.2, 1.3, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10.0, 1.10.1, 1.11.0, 1.11.1, 1.11.2, 1.11.3, 1.11.4, 1.11.5, 1.11.6, 1.11.7, 1.11.8, 1.11.9, 1.11.10, 1.11.11, 1.11.12, 1.12.0, 1.12.1, 1.12.2, 2.0.3, 2.0.4
Important User Information
Developers and programmers need to know that a fix has been released that mitigates the critical vulnerability risk. Updating to ops-cli release 2.0.5 will mitigate any outstanding security issues.