PT-2020-19749 · Js Yaml +3 · Js-Yaml +3
Name of the Vulnerable Software and Affected Versions: grunt versions prior to 1.3.0
Description: The issue is related to Arbitrary Code Execution due to the default usage of the load function instead of its secure replacement safeLoad of the js-yaml package inside grunt.file.readYAML...
PYSEC-2017-79
An exploitable vulnerability exists in the YAML parsing functionality in the read_yaml_file method in io_utils.py in django_make_app 0.1.3. A YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability...