CVE-2023-40023
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2023-40023 is a local file inclusion (LFI) vulnerability affecting the Yak Engine, a component of the cybersecurity-focused programming language Yaklang. This issue permits attackers to incorporate files from the server's local file system via the web application, potentially leading to the exposure of sensitive data, remote code execution, or other security breaches. Users running versions of the Yak Engine prior to 1.2.4-sp1 are at risk. It is strongly recommended that users upgrade to the patched version (1.2.4-sp1) to mitigate this vulnerability. Users unable to upgrade should limit exposure to untrusted input and closely monitor their servers for unusual behavior.