13 matches found
EUVD-2017-0101
Malware in sbrugna...
Unsafe pyyaml load usage in PyAnyAPI
An exploitable vulnerability exists in the YAML parsing functionality in the YAMLParser method in Interfaces.py in PyAnyAPI before 0.6.1. A YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safeload should have been used. An attacker can...
GHSA-VG8G-JPM9-JH8R Unsafe pyyaml load usage in PyAnyAPI
An exploitable vulnerability exists in the YAML parsing functionality in the YAMLParser method in Interfaces.py in PyAnyAPI before 0.6.1. A YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safeload should have been used. An attacker can...
PyAnyAPI Command Execution Vulnerability
PyAnyAPI is a Python-based tool for creating interfaces on multiple types of data using a declarative approach. A security vulnerability exists in the YAML parsing functionality of the Interfaces.py file in versions of PyAnyAPI prior to 0.6.1. An attacker can exploit this vulnerability by injecti...
Arbitrary Code Execution
pyanyapi is vulnerable to arbitrary code execution attacks. It does not use the safeload method to parse YAML in the parseyamlquery method of parser.py, allowing the attacker to load any malicious Python code to the YAML parser...
Design/Logic Flaw
An exploitable vulnerability exists in the YAML parsing functionality in the YAMLParser method in Interfaces.py in PyAnyAPI before 0.6.1. A YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safeload should have been used. An attacker can...
CVE-2017-16616
An exploitable vulnerability exists in the YAML parsing functionality in the YAMLParser method in Interfaces.py in PyAnyAPI before 0.6.1. A YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safeload should have been used. An attacker can...
CVE-2017-16616
An exploitable vulnerability exists in the YAML parsing functionality in the YAMLParser method in Interfaces.py in PyAnyAPI before 0.6.1. A YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safeload should have been used. An attacker can...
PYSEC-2017-23
An exploitable vulnerability exists in the YAML parsing functionality in the YAMLParser method in Interfaces.py in PyAnyAPI before 0.6.1. A YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safeload should have been used. An attacker can...
CVE-2017-16616
An exploitable vulnerability exists in the YAML parsing functionality in the YAMLParser method in Interfaces.py in PyAnyAPI before 0.6.1. A YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safeload should have been used. An attacker can...
PYSEC-2017-23
An exploitable vulnerability exists in the YAML parsing functionality in the YAMLParser method in Interfaces.py in PyAnyAPI before 0.6.1. A YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safeload should have been used. An attacker can...
CVE-2017-16616
An exploitable vulnerability exists in the YAML parsing functionality in the YAMLParser method in Interfaces.py in PyAnyAPI before 0.6.1. A YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safeload should have been used. An attacker can...
CVE-2017-16616
PyAnyAPI before 0.6.1 has an exploitable YAML parsing flaw in Interfaces.py (YAMLParser) where load is used instead of safe_load, allowing an attacker to execute arbitrary Python commands via YAML content. Multiple connected sources (GHSA, OSV, CNVD, NVD) confirm code execution vulnerability with...