Description
An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A "Load YAML" string or file (aka load_yaml or load_yamlf) can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability.
References
- Patch, Third Party Advisory
- Exploit, Patch, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: version before 2.0.0 (exclusive)
One of
cpe:2.3:a:owlmixin_project:owlmixin:*:*:*:*:*:*:*:*
cpe:2.3:a:owlmixin_project:owlmixin:2.0.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:owlmixin_project:owlmixin:2.0.0:alpha10:*:*:*:*:*:*
cpe:2.3:a:owlmixin_project:owlmixin:2.0.0:alpha11:*:*:*:*:*:*
cpe:2.3:a:owlmixin_project:owlmixin:2.0.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:owlmixin_project:owlmixin:2.0.0:alpha3:*:*:*:*:*:*
cpe:2.3:a:owlmixin_project:owlmixin:2.0.0:alpha4:*:*:*:*:*:*
cpe:2.3:a:owlmixin_project:owlmixin:2.0.0:alpha5:*:*:*:*:*:*
cpe:2.3:a:owlmixin_project:owlmixin:2.0.0:alpha6:*:*:*:*:*:*
cpe:2.3:a:owlmixin_project:owlmixin:2.0.0:alpha7:*:*:*:*:*:*
cpe:2.3:a:owlmixin_project:owlmixin:2.0.0:alpha8:*:*:*:*:*:*
cpe:2.3:a:owlmixin_project:owlmixin:2.0.0:alpha9:*:*:*:*:*:*
EPSS: 0.02016 (Low), percentile: 83%
CVSS3: 9.8 Critical
CVSS2: 7.5 High
Weaknesses: NVD-CWE-noinfo