9 matches found
EUVD-2017-0023
Malware in sbrugna...
django_make_app is vulnerable to Code Injection
An exploitable vulnerability exists in the YAML parsing functionality in the readyamlfile method in ioutils.py in djangomakeapp 0.1.3. A YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability...
Remote Code Execution (RCE)
djangomakeapp is vulnerable to remote code execution RCE attacks. The attacks can happen because the ioutils.py file allows users to parse a yaml file to generate django apps, allowing attackers to inject and execute arbitrary python commands through the yaml.load function of the YAML parser...
Input validation
An exploitable vulnerability exists in the YAML parsing functionality in the readyamlfile method in ioutils.py in djangomakeapp 0.1.3. A YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability...
CVE-2017-16764
An exploitable vulnerability exists in the YAML parsing functionality in the readyamlfile method in ioutils.py in djangomakeapp 0.1.3. A YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability...
PYSEC-2017-79
An exploitable vulnerability exists in the YAML parsing functionality in the readyamlfile method in ioutils.py in djangomakeapp 0.1.3. A YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability...
CVE-2017-16764
An exploitable vulnerability exists in the YAML parsing functionality in the readyamlfile method in ioutils.py in djangomakeapp 0.1.3. A YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability...
CVE-2017-16764
An exploitable vulnerability exists in the YAML parsing functionality in the readyamlfile method in ioutils.py in djangomakeapp 0.1.3. A YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability...
CVE-2017-16764
The CVE-2017-16764 issue affects django_make_app 0.1.3, specifically the YAML parsing path in io_utils.py (read_yaml_file). The vulnerability allows a YAML payload to execute arbitrary Python commands, enabling potential remote code execution if untrusted YAML is loaded. Multiple connected record...