7 matches found
EUVD-2020-2744
Malware in sbrugna...
EUVD-2023-27070
Malicious code in bioql PyPI...
Deserialization of Untrusted Data
Overview: ms-swift is a Swift: Scalable lightWeight Infrastructure for Fine-Tuning. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the yaml.load function in tests/run.py when handling user-supplied YAML configuration files. An attacker can execute arbitrar...
A vulnerability in the yaml.load() component of PyYAML, the YAML parsing library for Python, allows an attacker to access confidential data, compromise its integrity, and cause service interruptions.
The vulnerability in the yaml.load component of PyYAML, the YAML parsing library for Python, is related to deserialization of untrusted data. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and cause service failures...
A vulnerability in the YAML.load() function of the YAML parser library for the Foreman server management, configuration, and monitoring application, as well as for the Red Hat Satellite system management tool, allows a malicious actor to execute arbitrary code.
The vulnerability in the YAML.load function of the YAML parser library for the Foreman server management, configuration, and monitoring application, as well as for the Red Hat Satellite system management tool, is related to improper code generation. Exploiting this vulnerability allows a...
PYSEC-2021-60
Tenable for Jira Cloud is an open source project designed to pull Tenable.io vulnerability data, then generate Jira Tasks and sub-tasks based on the vulnerabilities' current state. It is published on PyPI as "tenable-jira-cloud". In tenable-jira-cloud before version 1.1.21, it is possible to run...
PT-2019-11591 · Red Hat · Osbs-Client
Name of the Vulnerable Software and Affected Versions: osbs-client versions 0.46 through 0.56.0
Description: A flaw was found in the yaml.load function, allowing insecure use that enables loading of suspicious objects for code execution via parsing of malicious YAML files.
Recommendations: For...