CVE-2017-16615
An exploitable vulnerability exists in the YAML parsing functionality in the parse_yaml_query method in parser.py in MLAlchemy before 0.2.2. When processing YAML-based queries for data, a YAML parser can execute arbitrary Python commands resulting in command execution because load is used where...
CVE-2017-16615
MLAlchemy contains a YAML parsing vulnerability in parse_yaml_query() (parser.py) affecting versions before 0.2.2. The YAML loader uses load instead of safe_load, allowing an attacker to inject Python into loaded YAML and trigger arbitrary code execution. This leads to potential command execution...