An exploitable vulnerability exists in the YAML parsing functionality in the read_yaml_file method in io_utils.py in django_make_app 0.1.3. A YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability.
CPE | Name | Operator | Version |
---|---|---|---|
django-make-app | eq | 0.1.2.1 | |
django-make-app | eq | 0.1.0.1 | |
django-make-app | eq | 0.1.2 | |
django-make-app | eq | 0.1.1 | |
django-make-app | eq | 0.1.3 |