635 matches found
GHSA-RHHJ-5436-95VF Code execution in Embedchain
The OpenAPI loader in Embedchain before 0.1.57 allows attackers to execute arbitrary code, related to the openapi.py yaml.load function argument...
Code execution in Embedchain
The OpenAPI loader in Embedchain before 0.1.57 allows attackers to execute arbitrary code, related to the openapi.py yaml.load function argument...
GHSA-297X-2QF3-JRJ3 Unsafe yaml deserialization in llama-hub
The OpenAPI and ChatGPT plugin loaders in LlamaHub aka llama-hub before 0.0.67 allow attackers to execute arbitrary code because safeload is not used for YAML...
CVE-2024-23731
The OpenAPI loader in Embedchain before 0.1.57 allows attackers to execute arbitrary code, related to the openapi.py yaml.load function argument...
CVE-2024-23731
The OpenAPI loader in Embedchain before 0.1.57 allows attackers to execute arbitrary code, related to the openapi.py yaml.load function argument...
CVE-2024-23730
The OpenAPI and ChatGPT plugin loaders in LlamaHub aka llama-hub before 0.0.67 allow attackers to execute arbitrary code because safeload is not used for YAML...
PYSEC-2024-7
The OpenAPI loader in Embedchain before 0.1.57 allows attackers to execute arbitrary code, related to the openapi.py yaml.load function argument...
Design/Logic Flaw
The OpenAPI loader in Embedchain before 0.1.57 allows attackers to execute arbitrary code, related to the openapi.py yaml.load function argument...
Design/Logic Flaw
The OpenAPI and ChatGPT plugin loaders in LlamaHub aka llama-hub before 0.0.67 allow attackers to execute arbitrary code because safeload is not used for YAML...
PYSEC-2024-7
The OpenAPI loader in Embedchain before 0.1.57 allows attackers to execute arbitrary code, related to the openapi.py yaml.load function argument...
CVE-2024-23731
The OpenAPI loader in Embedchain before 0.1.57 allows attackers to execute arbitrary code, related to the openapi.py yaml.load function argument...
CVE-2024-23731
CVE-2024-23731 affects Embedchain’s OpenAPI loader prior to version 0.1.57 . The vulnerability arises from using yaml.load in the file openapi.py, enabling attackers to execute arbitrary code. The issue is confirmed by multiple sources (e.g., Red Hat and Veracode) and is classified as a CRITICAL ...
PT-2024-20040 · Llamahub · Llamahub
Name of the Vulnerable Software and Affected Versions: LlamaHub aka llama-hub versions prior to 0.0.67 Description: The OpenAPI and ChatGPT plugin loaders in LlamaHub allow attackers to execute arbitrary code because safe load is not used for YAML. This issue enables attackers to execute arbitrar...
CVE-2024-23731
The OpenAPI loader in Embedchain before 0.1.57 allows attackers to execute arbitrary code, related to the openapi.py yaml.load function argument...
CVE-2024-23730
The OpenAPI and ChatGPT plugin loaders in LlamaHub aka llama-hub before 0.0.67 allow attackers to execute arbitrary code because safeload is not used for YAML...
CVE-2024-23730
Affected software: LlamaHub (aka llama-hub) prior to version 0.0.67. Vulnerability: OpenAPI and ChatGPT plugin loaders parse YAML without using safe_load, enabling arbitrary code execution. Root cause: unsafe YAML deserialization. Impact (as stated): arbitrary code execution by an attacker. Affec...
Embedchain Security Breach
Embedchain is an open source RAG framework from Embedchain Open Source. A security vulnerability exists in Embedchain versions prior to 0.1.57. An attacker can exploit this vulnerability to execute arbitrary code related to the parameters of the openapi.py yaml.load function...
U.S. Dept Of Defense: Resource Injection - [████████]
The Swagger UI prior to version 4.1.3 was vulnerable to spoofing attacks. By crafting a URL with a malicious payload, an attacker could have displayed remote OpenAPI definitions on the affected host...
Testing with OpenAPI Specifications
The 2023 SANS Survey on API Security Jun-2023 found that less than 50 percent of respondents have API security testing tools in place. Even fewer 29 percent have API discovery tools. Wallarm delivers both these capabilities via our single, integrated App and API Security platform. Wallarm has lon...
Malicious code in python-alibabacloud-tea-openapi (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 1a75cd94261db49f7ab1e359b2579e7645756a48f20eb6a49465f980f5c2b43d Attack targeted at users of Alibaba, AWS and Telegram via malicious packages published to PyPI. The malicious code was hidden in strategic...