Lucene search
K

7 matches found

OSV
OSV
added 2023/12/05 9:15 p.m.1 views

UBUNTU-CVE-2023-49297

PyDrive2 is a wrapper library of google-api-python-client that simplifies many common Google Drive API V2 tasks. Unsafe YAML deserilization will result in arbitrary code execution. A maliciously crafted YAML file can cause arbitrary code execution if PyDrive2 is run in the same directory as it, o...

7.8CVSS6.3AI score0.0051EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/12/05 12:0 a.m.5 views

PT-2023-31157 · Google · Google-Api-Python-Client

Name of the Vulnerable Software and Affected Versions: PyDrive2 versions prior to 1.16.2 Description: PyDrive2 is a wrapper library of google-api-python-client that simplifies many common Google Drive API V2 tasks. Unsafe YAML deserialization will result in arbitrary code execution. A maliciously...

7.8CVSS7.7AI score0.0051EPSS
Exploits1References18
Veracode
Veracode
added 2022/09/06 8:12 a.m.28 views

Denial Of Service (DoS)

snakeyaml is vulnerable to Denial Of Service DoS. The vulnerability exists in the resolve.java due to a lack of input validation, allowing an attacker to crash the system via malicious yaml file...

6.5CVSS6.9AI score0.01507EPSS
Exploits0References8Affected Software3
OSV
OSV
added 2021/08/30 7:15 p.m.10 views

CVE-2021-34066

An issue was discovered in EdgeGallery/developer before v1.0. There is a "Deserialization of yaml file" vulnerability that can allow attackers to execute system command through uploading the malicious constructed YAML file...

9.8CVSS7.2AI score
Exploits0References1
Veracode
Veracode
added 2020/02/13 5:33 a.m.52 views

Denial Of Service (DoS)

snakeyaml is vulnerable to denial of service. The library allows an attacker to crash the application through an entity expansion attack, also known as billion laughs attack, by providing a malicious YAML file to be parsed...

7.5CVSS5.1AI score0.26723EPSS
Exploits1References112Affected Software2
NVD
NVD
added 2019/07/25 1:15 p.m.14 views

CVE-2019-1010183

serde serdeyaml 0.6.0 to 0.8.3 is affected by: Uncontrolled Recursion. The impact is: Denial of service by aborting. The component is: from functions all deserialization functions. The attack vector is: Parsing a malicious YAML file. The fixed version is: 0.8.4 and later...

6.5CVSS6.5AI score0.01083EPSS
Exploits0References1
Veracode
Veracode
added 2017/11/16 9:53 a.m.20 views

Remote Code Execution (RCE)

brooklyn-utils-common is vulnerable to remote code execution RCE attacks. The library by default allows the unmarshalling of Java types available to that classpath. This allows an attacker to inject and execute arbitrary code by passing a malicious yaml file to the application...

8.8CVSS9.2AI score0.03825EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder