2 matches found
PT-2020-4065 · Jw · Jw.Util
Name of the Vulnerable Software and Affected Versions: jw.util versions prior to 2.3 Description: The issue is related to errors in processing YAML files when loading configuration, allowing a remote attacker to execute arbitrary operating system commands. This is due to the lack of safe load whe...
PT-2019-11591 · Red Hat · Osbs-Client
Name of the Vulnerable Software and Affected Versions: osbs-client versions 0.46 through 0.56.0 Description: A flaw was found in the yaml.load function, allowing insecure use that enables loading of suspicious objects for code execution via parsing of malicious YAML files. Recommendations: For...