9 matches found
CVE-2020-13388
An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safe_load is not used...
GHSA-H72C-W3Q3-55QQ OS Command Injection in jw.util
An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safe_load is not used...
OS Command Injection in jw.util
An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safe_load is not used...
The vulnerability of the jw.util package, related to errors in checking the processed YAML files during configuration loading, allows an attacker to execute arbitrary operating system commands.
The vulnerability of the jw.util package is related to errors during the validation of YAML files processed when loading configuration files. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands on the operating system...
jw.util Operating System Command Injection Vulnerability
jw.util is a Python-based utility package that includes modules for versioning, file handling, and YAML configuration. jw.util suffers from an operating system command injection vulnerability. An attacker can exploit this vulnerability by inserting Python into a loaded YAML to execute arbitrary...
CVE-2020-13388
An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safe_load is not used...
PYSEC-2020-341
An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safe_load is not used...
CVE-2020-13388
An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safe_load is not used...
CVE-2020-13388
The vulnerability CVE-2020-13388 affects the Python jw.util package prior to version 2.3. It arises in the configuration-loading functionality when parsing YAML via FromString/FromStream, because safe_load is not used, allowing an attacker to execute arbitrary Python code and potentially achieve ...