13 matches found
EUVD-2017-0082
Malware in sbrugna...
Unsafe deserialization in owlmixin
An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A "Load YAML" string or file (aka load_yaml or load_yamlf) can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An...
jumeaux (>=0.1.0 <=0.11.1) potentially affected by CVE-2017-16618 via owlmixin (>=1.2.0 <=1.2.0a1)
owlmixin PYPI version =1.2.0, =0.1.0, =0.11.1 Source cves: CVE-2017-16618 Source advisory: OSV:GHSA-CCMQ-QVCP-5MRM...
GHSA-CCMQ-QVCP-5MRM Unsafe deserialization in owlmixin
An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A "Load YAML" string or file (aka load_yaml or load_yamlf) can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An...
OwlMixin Command Execution Vulnerability
OwlMixin is a Python-based tool that can convert data class instances, dict objects, JSON strings and YAML strings to each other. A security vulnerability exists in the YAML loading feature of the util.py file in OwlMixin versions prior to 2.0.0a12. An attacker can exploit this vulnerability by...
Design/Logic Flaw
An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A "Load YAML" string or file (aka load_yaml or load_yamlf) can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An...
CVE-2017-16618
An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A "Load YAML" string or file (aka load_yaml or load_yamlf) can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An...
CVE-2017-16618
An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A "Load YAML" string or file (aka load_yaml or load_yamlf) can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An...
PYSEC-2017-22
An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A "Load YAML" string or file (aka load_yaml or load_yamlf) can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An...
jumeaux (>=0.1.0 <=0.11.1) potentially affected by CVE-2017-16618 via owlmixin (>=1.2.0 <=1.2.0a1)
owlmixin PYPI version =1.2.0, =0.1.0, =0.11.1 Source cves: CVE-2017-16618 Source advisory: OSV:PYSEC-2017-22...
PYSEC-2017-22
An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A "Load YAML" string or file (aka load_yaml or load_yamlf) can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An...
CVE-2017-16618
An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A "Load YAML" string or file (aka load_yaml or load_yamlf) can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An...
CVE-2017-16618
CVE-2017-16618 describes an exploitable vulnerability in OwlMixin’s YAML loading path. The issue is in the YAML loading functionality of the file util.py where a call to the YAML loader (Load YAML) uses load_yaml/load_yamlf instead of a safer alternative. This enables an attacker to inject Python...