Описание
A flaw was found in the yaml.load() function in the osbs-client versions since 0.46 before 0.56.1. Insecure use of the yaml.load() function allowed the user to load any suspicious object for code execution via the parsing of malicious YAML files.
Ссылки
- Issue Tracking
- PatchThird Party Advisory
- Issue Tracking
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 0.46 (включая) до 0.56.1 (исключая)
cpe:2.3:a:osbs-client_project:osbs-client:*:*:*:*:*:*:*:*
EPSS
Процентиль: 72%
0.00727
Низкий
7.2 High
CVSS3
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-502
CWE-502
Связанные уязвимости
CVSS3: 7.2
debian
больше 6 лет назад
A flaw was found in the yaml.load() function in the osbs-client versio ...
CVSS3: 7.2
github
больше 3 лет назад
A flaw was found in the yaml.load() function in the osbs-client versions since 0.46 before 0.56.1. Insecure use of the yaml.load() function allowed the user to load any suspicious object for code execution via the parsing of malicious YAML files.
EPSS
Процентиль: 72%
0.00727
Низкий
7.2 High
CVSS3
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-502
CWE-502