14 matches found
EUVD-2017-0019
Malware in sbrugna...
tribe (>=1.2.0 <=1.3.0) potentially affected by CVE-2017-16763 via confire (=0.2.0)
confire PYPI version =0.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on confire and may be impacted: - tribe =1.2.0, =1.3.0 Source cves: CVE-2017-16763 Source advisory: OSV:GHSA-M85C-9MF8-M2M6...
GHSA-M85C-9MF8-M2M6 Unsafe deserialization in confire
An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An...
Unsafe deserialization in confire
An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An...
Confire config.py File Arbitrary Command Execution Vulnerability
Confire is a set of application configuration tools built on Scapy, Django and other configuration parsers. A security vulnerability in the YAML parsing function of the config.py file in Confire version 0.2.0 stems from the program using the 'yaml.load' function to load user-specific configuratio...
Remote Code Execution (RCE)
confire is vulnerable to remote code execution attacks. The attacks can happen because the config.py file allows users to parse their configuration from the /.confire.yaml through the yaml.load function of the YAML parser, allowing attackers to inject and execute arbitrary python commands...
PYSEC-2017-78
An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An...
Input validation
An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An...
tribe (>=1.2.0 <=1.3.0) potentially affected by CVE-2017-16763 via confire (=0.2.0)
confire PYPI version =0.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on confire and may be impacted: - tribe =1.2.0, =1.3.0 Source cves: CVE-2017-16763 Source advisory: OSV:PYSEC-2017-78...
CVE-2017-16763
An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An...
PYSEC-2017-78
An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An...
CVE-2017-16763
An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An...
CVE-2017-16763
The CVE-2017-16763 entry covers Confire 0.2.0: YAML parsing in config.py loads user config from ~/.confire.yaml using yaml.load, enabling arbitrary Python execution and command execution on the host. This is a YAML deserialization issue that can be triggered by injected YAML. The connected docume...
CVE-2017-16763
An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An...