6 matches found
CVE-2025-11157
CVE-2025-11157 is a high-severity remote code execution flaw in feast-dev/feast v0.53.0, due to unsafe YAML deserialization in the Kubernetes materializer (feast/sdk/python/feast/infra/compute_engines/kubernetes/main.py) where yaml.load(..., Loader=yaml.Loader) processes /var/feast/feature_store....
activerecord: Possible RCE escalation bug with Serialized Columns in Active Record
An insecure deserialization flaw was found in Active Record, which uses YAML.unsafeload to convert the YAML data into Ruby objects. An attacker supplying crafted data to the database can perform remote code execution RCE, resulting in complete system compromise...
activerecord: Possible RCE escalation bug with Serialized Columns in Active Record
An insecure deserialization flaw was found in Active Record, which uses YAML.unsafeload to convert the YAML data into Ruby objects. An attacker supplying crafted data to the database can perform remote code execution RCE, resulting in complete system compromise...
Remote Code Execution (RCE)
Overview activerecord is a library for databases on Rails. Affected versions of this package are vulnerable to Remote Code Execution RCE. When serialized columns that use YAML the default are deserialized, Rails uses YAML.unsafeload to convert the YAML data in to Ruby objects. If an attacker can...
CVE-2020-13388
An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safeload is not used...
Arbitrary Code Execution
js-yaml is vulnerable to arbitrary code execution. The vulnerability exists through the usage of unsafe load function, which allows attackers to inject arbitrary code via a malicious YAML file using objects that have toString as key, JavaScript code as value and are used as explicit mapping keys...