13 matches found
EUVD-2017-0076
Malware in sbrugna...
Unsafe deserialization in MLAlchemy
An exploitable vulnerability exists in the YAML parsing functionality in the parseyamlquery method in parser.py in MLAlchemy before 0.2.2. When processing YAML-Based queries for data, a YAML parser can execute arbitrary Python commands resulting in command execution because load is used where...
GHSA-XPM8-98MX-H4C5 Unsafe deserialization in MLAlchemy
An exploitable vulnerability exists in the YAML parsing functionality in the parseyamlquery method in parser.py in MLAlchemy before 0.2.2. When processing YAML-Based queries for data, a YAML parser can execute arbitrary Python commands resulting in command execution because load is used where...
MLAlchemy Command Execution Vulnerability
MLAlchemy is a Python based open source utility library that converts YAML/JSON to SQLAlchemy SELECT queries. A security vulnerability exists in the YAML parsing functionality of the parseyamlquery method of the arser.py file in versions of MLAlchemy prior to 0.2.2. An attacker can exploit this...
Arbitrary Code Execution
mlalchemy is vulnerable to arbitrary code execution attacks. It does not use the safeload method to parse YAML in the parseyamlquery method of parser.py, allowing the attacker to load any malicious Python code to the YAML parser...
PYSEC-2017-19
An exploitable vulnerability exists in the YAML parsing functionality in the parseyamlquery method in parser.py in MLAlchemy before 0.2.2. When processing YAML-Based queries for data, a YAML parser can execute arbitrary Python commands resulting in command execution because load is used where...
CVE-2017-16615
An exploitable vulnerability exists in the YAML parsing functionality in the parseyamlquery method in parser.py in MLAlchemy before 0.2.2. When processing YAML-Based queries for data, a YAML parser can execute arbitrary Python commands resulting in command execution because load is used where...
PYSEC-2017-19
An exploitable vulnerability exists in the YAML parsing functionality in the parseyamlquery method in parser.py in MLAlchemy before 0.2.2. When processing YAML-Based queries for data, a YAML parser can execute arbitrary Python commands resulting in command execution because load is used where...
CVE-2017-16615
An exploitable vulnerability exists in the YAML parsing functionality in the parseyamlquery method in parser.py in MLAlchemy before 0.2.2. When processing YAML-Based queries for data, a YAML parser can execute arbitrary Python commands resulting in command execution because load is used where...
CVE-2017-16615
An exploitable vulnerability exists in the YAML parsing functionality in the parseyamlquery method in parser.py in MLAlchemy before 0.2.2. When processing YAML-Based queries for data, a YAML parser can execute arbitrary Python commands resulting in command execution because load is used where...
Input validation
An exploitable vulnerability exists in the YAML parsing functionality in the parseyamlquery method in parser.py in MLAlchemy before 0.2.2. When processing YAML-Based queries for data, a YAML parser can execute arbitrary Python commands resulting in command execution because load is used where...
CVE-2017-16615
MLAlchemy contains a YAML parsing vulnerability in parse_yaml_query() (parser.py) affecting versions before 0.2.2. The YAML loader uses load instead of safe_load, allowing an attacker to inject Python into loaded YAML and trigger arbitrary code execution. This leads to potential command execution...
CVE-2017-16615
An exploitable vulnerability exists in the YAML parsing functionality in the parseyamlquery method in parser.py in MLAlchemy before 0.2.2. When processing YAML-Based queries for data, a YAML parser can execute arbitrary Python commands resulting in command execution because load is used where...