3 matches found
CVE-2025-50460
A remote code execution RCE vulnerability exists in the ms-swift project version 3.3.0 due to unsafe deserialization in tests/run.py using yaml.load from the PyYAML library versions = 5.3.1. If an attacker can control the content of the YAML configuration file passed to the --runconfig parameter,...
CVE-2023-28754 ShardingSphere-Agent: Deserialization vulnerability in ShardingSphere Agent
Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-Agent, which allows attackers to execute arbitrary code by constructing a special YAML configuration file. The attacker needs to have permission to modify the ShardingSphere Agent YAML configuration file on the target machin...
PT-2022-26183 · Unknown · Super-Xray
Name of the Vulnerable Software and Affected Versions: super-xray versions prior to 0.7 Description: The issue concerns a web vulnerability scanning tool that assumed trusted input for the program config stored in a yaml file. An attacker with local access to the file could exploit this and...