20 matches found
PT-2026-46126
Name of the Vulnerable Software and Affected Versions jupyter enterprise gateway versions prior to 3.3.0 Description Unsafe Jinja2 template rendering allows for Kubernetes manifest injection. The server interpolates untrusted environment variables such as KERNEL XXX into Kubernetes manifests...
BentoML 安全漏洞
BentoML is an open-source model service library developed by BentoML. It is used to build high-performance and scalable artificial intelligence applications using Python. Versions of BentoML prior to 1.4.39 contained a security vulnerability. This vulnerability stemmed from the lack of escaping f...
Astra Linux - уязвимость в ruby2.5
A issue was discovered in RDoc versions 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdocoptions used for configuration in RDoc as a YAML file, object injection and resulting remote code execution are possible because there are no restrictions on the classes that c...
CVE-2026-27598
Dagu is a workflow engine with a built-in Web user interface. In versions up to and including 1.16.7, the CreateNewDAG API endpoint POST /api/v1/dags does not validate the DAG name before passing it to the file store. An authenticated user with DAG write permissions can write arbitrary YAML files...
CVE-2026-25643
Frigate (NVR) prior to version 0.16.4 is affected by a critical Remote Command Execution (RCE) vulnerability in the go2rtc integration. The root cause is improper sanitization of user input in the video stream configuration (config.yaml), permitting injection of system commands via the exec: dire...
MiracleLinux 8 : ruby:3.1 (AXSA:2024-8503:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8503:01 advisory. ruby: RCE vulnerability with .rdocoptions in RDoc CVE-2024-27281 ruby: Buffer overread vulnerability in StringIO CVE-2024-27280 ruby: Arbitrary memo...
EUVD-2022-33582
Malicious code in bioql PyPI...
vulnerable-python-poc-exploit
Отчет по анализу уязвимостей Python приложения vulnerable...
Linux Distros Unpatched Vulnerability : CVE-2024-27281
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdocoptions used for configuration in RDoc as a YAM...
CVE-2022-29215
RegionProtect is a plugin that allows users to manage certain events in certain regions of the world. Versions prior to 1.1.0 contain a YAML injection vulnerability that can cause an instant server crash if the passed arguments are not matched. Version 1.1.0 contains a patch for this issue. As a...
DEBIAN-CVE-2024-27281
An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdocoptions used for configuration in RDoc as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be...
An issue was discovered in RDoc 6.3.3 through 6.6.2 as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be restored. (When loading the documentation cache object injection and resultant remote code execution are also possible if there were a crafted cache.) The main fixed version is 6.6.3.1. For Ruby 3.0 users a fixed version is rdoc 6.3.4.1. For Ruby 3.1 users a fixed version is rdoc 6.4.1.1. For Ruby 3.2 users a fixed version is rdoc 6.5.1.1.
...
SUSE CVE-2017-2810
An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability...
Design/Logic Flaw
RegionProtect is a plugin that allows users to manage certain events in certain regions of the world. Versions prior to 1.1.0 contain a YAML injection vulnerability that can cause an instant server crash if the passed arguments are not matched. Version 1.1.0 contains a patch for this issue. As a...
CVE-2022-29215 Argument Injection in RegionProtect
RegionProtect is a plugin that allows users to manage certain events in certain regions of the world. Versions prior to 1.1.0 contain a YAML injection vulnerability that can cause an instant server crash if the passed arguments are not matched. Version 1.1.0 contains a patch for this issue. As a...
CVE-2022-29215 Argument Injection in RegionProtect
RegionProtect is a plugin that allows users to manage certain events in certain regions of the world. Versions prior to 1.1.0 contain a YAML injection vulnerability that can cause an instant server crash if the passed arguments are not matched. Version 1.1.0 contains a patch for this issue. As a...
CVE-2022-29215 Argument Injection in RegionProtect
RegionProtect is a plugin that allows users to manage certain events in certain regions of the world. Versions prior to 1.1.0 contain a YAML injection vulnerability that can cause an instant server crash if the passed arguments are not matched. Version 1.1.0 contains a patch for this issue. As a...
CVE-2022-29215
CVE-2022-29215 affects the RegionProtect plugin. Versions prior to 1.1.0 contain a YAML injection vulnerability that can cause an instant server crash when passed arguments do not match. Version 1.1.0 includes a patch for this issue. As a workaround, restrict operator permissions to untrusted use...
Code injection
In Apache ShardingSphereincubator 4.0.0-RC3 and 4.0.0, the ShardingSphere's web console uses the SnakeYAML library for parsing YAML inputs to load datasource configuration. SnakeYAML allows to unmarshal data to a Java type By using the YAML tag. Unmarshalling untrusted data can lead to security...
GHSA-GCR6-RF47-JRGF Loaded Databook of Tablib prone to python insertion resulting in command execution
An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability...