Critical severity vulnerability that affects django_make_app

2018-07-13T15:16:59
ID GHSA-9PV8-Q5RX-C8GQ
Type github
Reporter GitHub Advisory Database
Modified 2019-07-03T21:02:01

Description

An exploitable vulnerability exists in the YAML parsing functionality in the read_yaml_file method in io_utils.py in django_make_app 0.1.3. A YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability.