Количество 2
Количество 2
CVE-2017-16618
An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A "Load YAML" string or file (aka load_yaml or load_yamlf) can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability.
GHSA-ccmq-qvcp-5mrm
Unsafe deserialization in owlmixin
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2017-16618 An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A "Load YAML" string or file (aka load_yaml or load_yamlf) can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability. | CVSS3: 9.8 | 2% Низкий | больше 8 лет назад |
| GHSA-ccmq-qvcp-5mrm Unsafe deserialization in owlmixin | CVSS3: 9.8 | 2% Низкий | больше 7 лет назад |
Уязвимостей на страницу