EUVD-2021-0470

Malware in sbrugna...

esmvalcore (>=2.0.0 <=2.2.0), esque (>=0.2.0 <=0.3.1) +6 more potentially affected by CVE-2021-38305 via yamale (>=2.0.1 <=3.0.7)

yamale PYPI version =2.0.1, =2.0.0, =0.2.0, =0.0.2, =1.0.0, =0.0.1.dev3092, =0.1.0b0, =0.1.0b6 Source cves: CVE-2021-38305 Source advisory: OSV:GHSA-435P-F82X-MXWM...

esmvalcore (>=2.0.0 <=2.2.0), esque (>=0.2.0 <=0.3.1) +6 more potentially affected by CVE-2021-38305 via yamale (>=2.0.1 <=3.0.7)

yamale PYPI version =2.0.1, =2.0.0, =0.2.0, =0.0.2, =1.0.0, =0.0.1.dev3092, =0.1.0b0, =0.1.0b6 Source cves: CVE-2021-38305 Source advisory: OSV:PYSEC-2021-119...

PYSEC-2021-119

23andMe Yamale before 3.0.8 allows remote attackers to execute arbitrary code via a crafted schema file. The schema parser uses eval as part of its processing, and tries to protect from malicious expressions by limiting the builtins that are passed to the eval. When processing the schema, each li...

PYSEC-2021-119

23andMe Yamale before 3.0.8 allows remote attackers to execute arbitrary code via a crafted schema file. The schema parser uses eval as part of its processing, and tries to protect from malicious expressions by limiting the builtins that are passed to the eval. When processing the schema, each li...

23andMe Yamale 代码问题漏洞

23andMe Yamale is the architecture and validator for open source YAML. A code issue vulnerability exists in 23andMe Yamale that stems from the pattern parser in 23andMe Yamale prior to version 3.0.8 using eval as part of its processing and attempting to prevent malicious expressions by limiting t...