3 matches found
CVE-2020-13388
An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safeload is not used...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Python
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Python. Vulnerability Details CVEID: CVE-2018-20225 DESCRIPTION: Pip could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the --extra-index-url option. By sending a...
CVE-2020-13388
The vulnerability CVE-2020-13388 affects the Python jw.util package prior to version 2.3. It arises in the configuration-loading functionality when parsing YAML via FromString/FromStream, because safe_load is not used, allowing an attacker to execute arbitrary Python code and potentially achieve ...