CVE-2019-7537
Donfig 0.3.0 is affected by a command-injection in the collect_yaml method of config_obj.py. Multiple connected sources (RH/CVE-2019-7537, OSV/GHSA-3QR5-H7W4-3GX3, Veracode, NVD) confirm that loading user-provided YAML can lead to arbitrary Python execution, enabling potential remote command exec...