Lucene search
K

51 matches found

PyPA
PyPA
added 2021/10/04 10:15 a.m.6 views

PYSEC-2021-429

SLO generator allows for loading of YAML files that if crafted in a specific format can allow for code execution within the context of the SLO Generator. We recommend upgrading SLO Generator past https://github.com/google/slo-generator/pull/173...

7.8CVSS7.6AI score0.0158EPSS
Exploits4References3Affected Software1
CNNVD
CNNVD
added 2021/10/04 12:0 a.m.5 views

Slo Generator 操作系统命令注入漏洞

Slo Generator is a tool. for calculating Sli, Slo, error budgets and consumption rates and exporting Slo reports to supported exporters. Slo Generator suffers from an operating system command injection vulnerability that stems from the Slo Generator allowing the loading of YAML files. An attacker...

7.8CVSS7.5AI score0.0158EPSS
Exploits4References5
BDU FSTEC
BDU FSTEC
added 2021/07/08 12:0 a.m.8 views

The vulnerability of the PyYAML syntax analyzer lies in insufficient validation of input data, allowing an attacker to execute arbitrary code.

The vulnerability of the PyYAML syntax analyzer is related to insufficient validation of data entered by users during the processing of unreliable YAML files using the fullload method or the FullLoader loader. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using ...

10CVSS7.5AI score0.05984EPSS
Exploits0References9Affected Software3
OSV
OSV
added 2020/10/20 8:49 p.m.4 views

USN-4595-1 grunt vulnerability

It was discovered that Grunt did not properly load yaml files. An attacker could possibly use this to execute arbitrary code. CVE-2020-7729...

7.1CVSS7.4AI score0.02285EPSS
Exploits1References2
OSV
OSV
added 2020/08/20 8:15 a.m.2 views

UBUNTU-CVE-2020-10289

Use of unsafe yaml load. Allows instantiation of arbitrary objects. The flaw itself is caused by an unsafe parsing of YAML values which happens whenever an action message is processed to be sent, and allows for the creation of Python objects. Through this flaw in the ROS core package of actionlib...

8.8CVSS7.5AI score0.0195EPSS
Exploits0References3
PyPA
PyPA
added 2020/05/22 5:15 p.m.7 views

PYSEC-2020-341

An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safeload is not used...

9.8CVSS7.5AI score0.04422EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2020/05/22 12:0 a.m.2 views

PT-2020-4065 · Jw · Jw.Util

Name of the Vulnerable Software and Affected Versions: jw.util versions prior to 2.3 Description: The issue is related to errors in processing YAML files when loading configuration, allowing a remote attacker to execute arbitrary operating system commands. This is due to the lack of safe load whe...

9.8CVSS9.6AI score0.04422EPSS
Exploits1References10
OSV
OSV
added 2018/07/18 6:28 p.m.2 views

GHSA-M85C-9MF8-M2M6 Unsafe deserialization in confire

An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An...

9.8CVSS6.1AI score0.04435EPSS
Exploits1References7
OSV
OSV
added 2018/07/13 4:1 p.m.16 views

GHSA-CCMQ-QVCP-5MRM Unsafe deserialization in owlmixin

An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A "Load YAML" string or file aka loadyaml or loadyamlf can execute arbitrary Python commands resulting in command execution because load is used where safeload should have been used. An...

9.8CVSS9.9AI score0.04435EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2018/07/13 4:1 p.m.30 views

Unsafe deserialization in owlmixin

An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A "Load YAML" string or file aka loadyaml or loadyamlf can execute arbitrary Python commands resulting in command execution because load is used where safeload should have been used. An...

9.8CVSS9.6AI score0.04435EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2018/07/13 3:16 p.m.22 views

GHSA-C2W9-48QC-QPJ4 Code injection in ansible

An exploitable vulnerability exists in the yaml loading functionality of ansible-vault before 1.0.5. A specially crafted vault can execute arbitrary python commands resulting in command execution. An attacker can insert python into the vault to trigger this vulnerability...

8.5CVSS7.9AI score0.02967EPSS
Exploits1References9
Github Security Blog
Github Security Blog
added 2018/07/13 3:16 p.m.54 views

Code injection in ansible

An exploitable vulnerability exists in the yaml loading functionality of ansible-vault before 1.0.5. A specially crafted vault can execute arbitrary python commands resulting in command execution. An attacker can insert python into the vault to trigger this vulnerability...

7.8CVSS5AI score0.02967EPSS
Exploits1References8Affected Software1
CNVD
CNVD
added 2018/07/04 12:0 a.m.1 views

Unspecified vulnerability in PyYAML

PyYAML is a next-generation YAML parser based on Python. A security vulnerability exists in PyYAML versions prior to 4.1, which stems from the program not using the 'yaml.safeload' function. An attacker can exploit this vulnerability to execute arbitrary code...

9.8CVSS7.5AI score0.06031EPSS
Exploits1References1
Prion
Prion
added 2018/07/01 10:29 p.m.22 views

Code injection

scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing...

7.5CVSS9.6AI score0.02476EPSS
Exploits0References2Affected Software2
OSV
OSV
added 2018/07/01 10:29 p.m.1 views

DEBIAN-CVE-2018-13043

scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing...

9.8CVSS9AI score0.02476EPSS
Exploits0References1
OSV
OSV
added 2018/07/01 10:29 p.m.7 views

CVE-2018-13043

scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing...

9.8CVSS9.6AI score
Exploits0References2
NVD
NVD
added 2018/07/01 10:29 p.m.43 views

CVE-2018-13043

scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing...

9.8CVSS9.7AI score0.02476EPSS
Exploits0References2
CVE
CVE
added 2018/07/01 10:0 p.m.73 views

CVE-2018-13043

CVE-2018-13043 affects Debian devscripts up to 2.18.3, where scripts/grep-excuses.pl loads YAML unsafely (YAML::Syck without blessing), enabling code execution. Other advisories (Ubuntu USN-3704-1, Fedora updates) reference the same issue and indicate fixes to devscripts 2.18.4. The vulnerability...

9.8CVSS9.4AI score0.02476EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/07/01 10:0 p.m.46 views

CVE-2018-13043

scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing...

9.6AI score0.02476EPSS
Exploits0References2
OSV
OSV
added 2018/07/01 12:0 a.m.3 views

UBUNTU-CVE-2018-13043

scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing...

9.8CVSS7.7AI score0.02476EPSS
Exploits0References4
Rows per page
Query Builder