CVE-2021-23338

🗓️ 15 Feb 2021 16:15:15Reported by snykType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 25 Views

This affects all versions of package qlib. The workflow function in cli part of qlib was using an unsafe YAML load function

Reporter	Title	Published	Views	Family All 6
OSV	PYSEC-2021-86	15 Feb 202116:15	–	osv
Prion	Code injection	15 Feb 202116:15	–	prion
NVD	CVE-2021-23338	15 Feb 202116:15	–	nvd
Github Security Blog	qlib Deserialization of Untrusted Data vulnerability	24 May 202217:42	–	github
Huntr	Code Injection in microsoft/qlib	21 Dec 202000:00	–	huntr
Cvelist	CVE-2021-23338 Deserialization of Untrusted Data	15 Feb 202115:50	–	cvelist

Nvd

Node

microsoft qlib

[
  {
    "product": "qlib",
    "vendor": "n/a",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
github	www.github.com/418sec/huntr/pull/1329
snyk	www.snyk.io/vuln/SNYK-PYTHON-QLIB-1054635

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

15 Feb 2021 16:15Current

6.7Medium risk

Vulners AI Score6.7

CVSS26.5

CVSS36.6 - 7.2

EPSS0.00187

CWE-502