3 matches found
CVE-2020-13388
An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safeload is not used...
PYSEC-2020-341
An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safeload is not used...
PT-2020-4065 · Jw · Jw.Util
Name of the Vulnerable Software and Affected Versions: jw.util versions prior to 2.3 Description: The issue is related to errors in processing YAML files when loading configuration, allowing a remote attacker to execute arbitrary operating system commands. This is due to the lack of safe load whe...