4 matches found
Improper Input Validation
The set_mgmt_parameters function in item.py in cobbler before 2.2.2 allows context-dependent attackers to execute arbitrary code via vectors related to the use of the yaml.load function instead of the yaml.safe_load function, as demonstrated using Puppet...
Arbitrary Code Execution
Overview: jingo is a git based wiki engine written for node.js, with a decent design, a search capability and a good typography. Affected versions of this package are vulnerable to Arbitrary Code Execution due to the default usage of the function yaml.load of the package js-yaml instead of its...
Remote code execution
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load instead of yaml.safe_load when parsing user data, remote code execution can occur...
Fedora 25 : python-tablib (2017-fe04b06b64)
Latest upstream, including the yaml.safe_load fix for CVE-2017-2810. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...