7 matches found
UBUNTU-CVE-2023-49297
PyDrive2 is a wrapper library of google-api-python-client that simplifies many common Google Drive API V2 tasks. Unsafe YAML deserilization will result in arbitrary code execution. A maliciously crafted YAML file can cause arbitrary code execution if PyDrive2 is run in the same directory as it, o...
PT-2023-31157 · Google · Google-Api-Python-Client
Name of the Vulnerable Software and Affected Versions: PyDrive2 versions prior to 1.16.2 Description: PyDrive2 is a wrapper library of google-api-python-client that simplifies many common Google Drive API V2 tasks. Unsafe YAML deserialization will result in arbitrary code execution. A maliciously...
Denial Of Service (DoS)
snakeyaml is vulnerable to Denial Of Service DoS. The vulnerability exists in the resolve.java due to a lack of input validation, allowing an attacker to crash the system via malicious yaml file...
CVE-2021-34066
An issue was discovered in EdgeGallery/developer before v1.0. There is a "Deserialization of yaml file" vulnerability that can allow attackers to execute system command through uploading the malicious constructed YAML file...
Denial Of Service (DoS)
snakeyaml is vulnerable to denial of service. The library allows an attacker to crash the application through an entity expansion attack, also known as billion laughs attack, by providing a malicious YAML file to be parsed...
CVE-2019-1010183
serde serdeyaml 0.6.0 to 0.8.3 is affected by: Uncontrolled Recursion. The impact is: Denial of service by aborting. The component is: from functions all deserialization functions. The attack vector is: Parsing a malicious YAML file. The fixed version is: 0.8.4 and later...
Remote Code Execution (RCE)
brooklyn-utils-common is vulnerable to remote code execution RCE attacks. The library by default allows the unmarshalling of Java types available to that classpath. This allows an attacker to inject and execute arbitrary code by passing a malicious yaml file to the application...