51 matches found
PYSEC-2021-429
SLO generator allows for loading of YAML files that if crafted in a specific format can allow for code execution within the context of the SLO Generator. We recommend upgrading SLO Generator past https://github.com/google/slo-generator/pull/173...
Slo Generator 操作系统命令注入漏洞
Slo Generator is a tool. for calculating Sli, Slo, error budgets and consumption rates and exporting Slo reports to supported exporters. Slo Generator suffers from an operating system command injection vulnerability that stems from the Slo Generator allowing the loading of YAML files. An attacker...
The vulnerability of the PyYAML syntax analyzer lies in insufficient validation of input data, allowing an attacker to execute arbitrary code.
The vulnerability of the PyYAML syntax analyzer is related to insufficient validation of data entered by users during the processing of unreliable YAML files using the fullload method or the FullLoader loader. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using ...
USN-4595-1 grunt vulnerability
It was discovered that Grunt did not properly load yaml files. An attacker could possibly use this to execute arbitrary code. CVE-2020-7729...
UBUNTU-CVE-2020-10289
Use of unsafe yaml load. Allows instantiation of arbitrary objects. The flaw itself is caused by an unsafe parsing of YAML values which happens whenever an action message is processed to be sent, and allows for the creation of Python objects. Through this flaw in the ROS core package of actionlib...
PYSEC-2020-341
An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safeload is not used...
PT-2020-4065 · Jw · Jw.Util
Name of the Vulnerable Software and Affected Versions: jw.util versions prior to 2.3 Description: The issue is related to errors in processing YAML files when loading configuration, allowing a remote attacker to execute arbitrary operating system commands. This is due to the lack of safe load whe...
GHSA-M85C-9MF8-M2M6 Unsafe deserialization in confire
An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An...
GHSA-CCMQ-QVCP-5MRM Unsafe deserialization in owlmixin
An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A "Load YAML" string or file aka loadyaml or loadyamlf can execute arbitrary Python commands resulting in command execution because load is used where safeload should have been used. An...
Unsafe deserialization in owlmixin
An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A "Load YAML" string or file aka loadyaml or loadyamlf can execute arbitrary Python commands resulting in command execution because load is used where safeload should have been used. An...
GHSA-C2W9-48QC-QPJ4 Code injection in ansible
An exploitable vulnerability exists in the yaml loading functionality of ansible-vault before 1.0.5. A specially crafted vault can execute arbitrary python commands resulting in command execution. An attacker can insert python into the vault to trigger this vulnerability...
Code injection in ansible
An exploitable vulnerability exists in the yaml loading functionality of ansible-vault before 1.0.5. A specially crafted vault can execute arbitrary python commands resulting in command execution. An attacker can insert python into the vault to trigger this vulnerability...
Unspecified vulnerability in PyYAML
PyYAML is a next-generation YAML parser based on Python. A security vulnerability exists in PyYAML versions prior to 4.1, which stems from the program not using the 'yaml.safeload' function. An attacker can exploit this vulnerability to execute arbitrary code...
Code injection
scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing...
DEBIAN-CVE-2018-13043
scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing...
CVE-2018-13043
scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing...
CVE-2018-13043
scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing...
CVE-2018-13043
CVE-2018-13043 affects Debian devscripts up to 2.18.3, where scripts/grep-excuses.pl loads YAML unsafely (YAML::Syck without blessing), enabling code execution. Other advisories (Ubuntu USN-3704-1, Fedora updates) reference the same issue and indicate fixes to devscripts 2.18.4. The vulnerability...
CVE-2018-13043
scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing...
UBUNTU-CVE-2018-13043
scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing...