Lucene search
GoogleOSV:GHSA-9PV8-Q5RX-C8GQHistoryJul 13, 2018 - 3:16 p.m.
django_make_app is vulnerable to Code Injection
2018-07-1315:16:59
Google
osv.dev
6
0.017 Low
EPSS
Percentile
87.8%
An exploitable vulnerability exists in the YAML parsing functionality in the read_yaml_file method in io_utils.py in django_make_app 0.1.3. A YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability.
| CPE | Name | Operator | Version |
|---|---|---|---|
| django-make-app | eq | 0.1.2.1 | |
| django-make-app | eq | 0.1.0.1 | |
| django-make-app | eq | 0.1.2 | |
| django-make-app | eq | 0.1.1 | |
| django-make-app | eq | 0.1.0 | |
| django-make-app | eq | 0.1.3 |
References
github.com/illagrenan/django-make-app
github.com/illagrenan/django-make-app/commit/acd814433d1021aa8783362521b0bd151fdfc9d2
github.com/illagrenan/django-make-app/issues/5
joel-malwarebenchmark.github.io/blog/2017/11/12/cve-2017-16764-vulnerability-in-django-make-app
nvd.nist.gov/vuln/detail/CVE-2017-16764
Related
prion
prion
Input validation
2017-11-10 09:29:00
osv
osv
CVE-2017-16764
2017-11-10 09:29:00
PYSEC-2017-79
2017-11-10 09:29:00
cve
cve
CVE-2017-16764
2017-11-10 09:29:00
nvd
nvd
CVE-2017-16764
2017-11-10 09:29:00
cvelist
cvelist
CVE-2017-16764
2017-11-10 09:00:00
github
github
django_make_app is vulnerable to Code Injection
2018-07-13 15:16:59
veracode
veracode
Remote Code Execution (RCE)
2017-11-11 00:11:31