EUVD-2017-0082

Malware in sbrugna...

Unsafe deserialization in owlmixin

An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A "Load YAML" string or file aka loadyaml or loadyamlf can execute arbitrary Python commands resulting in command execution because load is used where safeload should have been used. An...

jumeaux (>=0.1.0 <=0.11.1) potentially affected by CVE-2017-16618 via owlmixin (>=1.2.0 <=1.2.0a1)

owlmixin PYPI version =1.2.0, =0.1.0, =0.11.1 Source cves: CVE-2017-16618 Source advisory: OSV:GHSA-CCMQ-QVCP-5MRM...

GHSA-CCMQ-QVCP-5MRM Unsafe deserialization in owlmixin

An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A "Load YAML" string or file aka loadyaml or loadyamlf can execute arbitrary Python commands resulting in command execution because load is used where safeload should have been used. An...

OwlMixin Command Execution Vulnerability

OwlMixin is a Python based tool that can convert data class instances, dict objects, json strings and yaml strings to each other . A security vulnerability exists in the YAML loading feature of the util.py file in OwlMixin versions prior to 2.0.0a12. An attacker can exploit this vulnerability by...

Design/Logic Flaw

An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A "Load YAML" string or file aka loadyaml or loadyamlf can execute arbitrary Python commands resulting in command execution because load is used where safeload should have been used. An...

CVE-2017-16618

An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A "Load YAML" string or file aka loadyaml or loadyamlf can execute arbitrary Python commands resulting in command execution because load is used where safeload should have been used. An...

PYSEC-2017-22

An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A "Load YAML" string or file aka loadyaml or loadyamlf can execute arbitrary Python commands resulting in command execution because load is used where safeload should have been used. An...

CVE-2017-16618

An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A "Load YAML" string or file aka loadyaml or loadyamlf can execute arbitrary Python commands resulting in command execution because load is used where safeload should have been used. An...

jumeaux (>=0.1.0 <=0.11.1) potentially affected by CVE-2017-16618 via owlmixin (>=1.2.0 <=1.2.0a1)

owlmixin PYPI version =1.2.0, =0.1.0, =0.11.1 Source cves: CVE-2017-16618 Source advisory: OSV:PYSEC-2017-22...

PYSEC-2017-22

An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A "Load YAML" string or file aka loadyaml or loadyamlf can execute arbitrary Python commands resulting in command execution because load is used where safeload should have been used. An...

CVE-2017-16618

An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A "Load YAML" string or file aka loadyaml or loadyamlf can execute arbitrary Python commands resulting in command execution because load is used where safeload should have been used. An...

CVE-2017-16618

CVE-2017-16618 describes an exploitable vulnerability in OwlMixin’s YAML loading path. The issue is in the YAML loading functionality of the file util.py where a call to the YAML loader (Load YAML) uses load_yaml/load_yamlf instead of a safer alternative. This enables an attacker to inject Python...