Количество 2
Количество 2
CVE-2017-16615
An exploitable vulnerability exists in the YAML parsing functionality in the parse_yaml_query method in parser.py in MLAlchemy before 0.2.2. When processing YAML-Based queries for data, a YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability.
GHSA-xpm8-98mx-h4c5
Unsafe deserialization in MLAlchemy
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2017-16615 An exploitable vulnerability exists in the YAML parsing functionality in the parse_yaml_query method in parser.py in MLAlchemy before 0.2.2. When processing YAML-Based queries for data, a YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability. | CVSS3: 9.8 | 1% Низкий | больше 8 лет назад |
| GHSA-xpm8-98mx-h4c5 Unsafe deserialization in MLAlchemy | CVSS3: 9.8 | 1% Низкий | больше 7 лет назад |
Уязвимостей на страницу