Lucene search
GoogleOSV:PYSEC-2017-79HistoryNov 10, 2017 - 9:29 a.m.
PYSEC-2017-79
2017-11-1009:29:00
Google
osv.dev
6
0.017 Low
EPSS
Percentile
87.8%
An exploitable vulnerability exists in the YAML parsing functionality in the read_yaml_file method in io_utils.py in django_make_app 0.1.3. A YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability.
| CPE | Name | Operator | Version |
|---|---|---|---|
| django-make-app | eq | 0.1.2.1 | |
| django-make-app | eq | 0.1.0.1 | |
| django-make-app | eq | 0.1.2 | |
| django-make-app | eq | 0.1.1 | |
| django-make-app | eq | 0.1.3 |
Related
prion
prion
Input validation
2017-11-10 09:29:00
osv
osv
CVE-2017-16764
2017-11-10 09:29:00
django_make_app is vulnerable to Code Injection
2018-07-13 15:16:59
cve
cve
CVE-2017-16764
2017-11-10 09:29:00
nvd
nvd
CVE-2017-16764
2017-11-10 09:29:00
github
github
django_make_app is vulnerable to Code Injection
2018-07-13 15:16:59
cvelist
cvelist
CVE-2017-16764
2017-11-10 09:00:00
veracode
veracode
Remote Code Execution (RCE)
2017-11-11 00:11:31