EUVD-2019-2175
Malware in sbrugna...
EUVD-2018-0128
Malware in sbrugna...
EUVD-2024-0055
Malicious code in bioql PyPI...
EUVD-2022-4186
Malicious code in bioql PyPI...
GHSA-FM6C-F59H-7MMG MS SWIFT Remote Code Execution via unsafe PyYAML deserialization
Description A Remote Code Execution (RCE) vulnerability exists in the modelscope/ms-swift project due to unsafe use of yaml.load in combination with vulnerable versions of the PyYAML library (≤ 5.3.1). The issue resides in the tests/run.py script, where a user-supplied YAML configuration file is...
RHEL 6 : pyyaml (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - PyYAML: yaml.load API could execute arbitrary code (CVE-2017-18342). Note that Nessus has not tested for this issue bu...
CVE-2022-31115
Opensearch-ruby before 2.0.1 is affected by unsafe YAML deserialization via YAML.load (not YAML.safe_load). Vulnerable in 2.0.0 and earlier when the response is YAML, exploitable only if an attacker controls the opensearch server and lures the victim to connect. Patch available in 2.0.1 (and subs...
CVE-2022-31115 Unsafe YAML deserialization in opensearch-ruby
opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions prior to 2.0.1 the Ruby YAML.load function was used instead of YAML.safe_load. As a result, opensearch-ruby 2.0.0 and prior can lead to unsafe deserialization using YAML.load if the response is of type YAML. ...
GHSA-QGVW-QC2Q-GV5Q Django Tastypie Improper Deserialization of YAML Data
The from_yaml method in serializers.py in Django Tastypie before 0.9.10 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method...
Arbitrary Command Injection
jwutil is vulnerable to arbitrary command injection. The vulnerability exists as it uses the insecure function yaml.load without any validation in FromString and FromStream...
CVE-2017-18342
In PyYAML before 5.1, the yaml.load API could execute arbitrary code if used with untrusted data. The load function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function...
GLSA-202003-45 : PyYAML: Arbitrary code execution
The remote host is affected by the vulnerability described in GLSA-202003-45 PyYAML: Arbitrary code execution It was found that using yaml.load API on untrusted input could lead to arbitrary code execution. Impact : A remote attacker could entice a user to process specially crafted input in an...
Remote Code Execution (RCE)
pyyaml is vulnerable to remote code execution (RCE) attacks. The application uses the unsafe function yaml.load, allowing a malicious user to inject and execute arbitrary code by passing a crafted YAML file. This vulnerability exists due to an incomplete fix for CVE-2017-18342...
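The two PyYAML entries above (CVE-2017-18342 and the incomplete-fix follow-up) come down to one code-review question: does the call site pass a safe Loader, or does it rely on the old default, on yaml.Loader/yaml.UnsafeLoader, or on yaml.FullLoader? The scanner below is an added example written for this page, not code from PyYAML or any project listed here; it uses only the standard-library ast module so it runs without PyYAML installed, and the source it scans (SAMPLE_SOURCE) is a constructed sample, not code from any of the advisories. Which loaders count as unsafe is this example's own policy: it treats Loader, UnsafeLoader and FullLoader as unsafe, SafeLoader as safe, and leaves any custom loader class unjudged.

```python
"""Static check for unsafe PyYAML loader usage (added example, stdlib only).

Flags calls that execute arbitrary YAML tags on vulnerable PyYAML versions:
  - yaml.load / yaml.load_all with no Loader argument (the CVE-2017-18342 pattern),
  - those calls with Loader=yaml.Loader, yaml.UnsafeLoader or yaml.FullLoader
    (FullLoader being the loader later found to be an incomplete fix),
  - yaml.unsafe_load / yaml.full_load and their *_all variants.
Calls that pass yaml.SafeLoader, or yaml.safe_load itself, are not flagged.
A custom loader class is not judged either way (policy choice of this example).
"""
import ast

LOAD_FUNCS = {"load", "load_all"}
UNSAFE_FUNCS = {"unsafe_load", "unsafe_load_all", "full_load", "full_load_all"}
UNSAFE_LOADERS = {"Loader", "UnsafeLoader", "FullLoader"}


def _yaml_attr(node):
    """Return <name> if node is the expression yaml.<name>, else None."""
    if (isinstance(node, ast.Attribute) and isinstance(node.value, ast.Name)
            and node.value.id == "yaml"):
        return node.attr
    return None


def _loader_expr_name(expr):
    """Best-effort name of a Loader expression: yaml.X -> 'X', bare name -> itself."""
    name = _yaml_attr(expr)
    if name is not None:
        return name
    if isinstance(expr, ast.Name):
        return expr.id
    return ast.dump(expr)


def _loader_name(call):
    """Loader is the second positional argument or the Loader= keyword."""
    for kw in call.keywords:
        if kw.arg == "Loader":
            return _loader_expr_name(kw.value)
    if len(call.args) >= 2:
        return _loader_expr_name(call.args[1])
    return None


def _imported_yaml_names(tree):
    """Map local name -> yaml function for `from yaml import load [as x]`."""
    names = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.ImportFrom) and node.module == "yaml":
            for alias in node.names:
                names[alias.asname or alias.name] = alias.name
    return names


def find_unsafe_yaml_loads(source, filename="<string>"):
    """Return a list of (lineno, message) sorted by line number."""
    tree = ast.parse(source, filename)
    aliases = _imported_yaml_names(tree)
    findings = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        if isinstance(node.func, ast.Name):
            func = aliases.get(node.func.id)      # from yaml import load as ...
        else:
            func = _yaml_attr(node.func)          # yaml.load(...)
        if func in UNSAFE_FUNCS:
            findings.append((node.lineno, f"yaml.{func}() executes arbitrary tags"))
        elif func in LOAD_FUNCS:
            loader = _loader_name(node)
            if loader is None:
                findings.append((node.lineno, f"yaml.{func}() called without Loader="))
            elif loader in UNSAFE_LOADERS:
                findings.append((node.lineno, f"yaml.{func}(Loader={loader}) uses an unsafe loader"))
    return sorted(findings)


# Constructed sample input for the scanner (not code from any project on this page).
SAMPLE_SOURCE = '''\
import yaml
from yaml import load as yload

def read_config(path):
    with open(path) as fh:
        return yaml.load(fh)                       # no Loader argument

def read_full(text):
    return yaml.load(text, Loader=yaml.FullLoader) # FullLoader

def read_positional(text):
    return yaml.load(text, yaml.Loader)            # positional Loader

def read_alias(text):
    return yload(text)                             # aliased import, no Loader

def read_unsafe(text):
    return yaml.unsafe_load(text)

def read_safe(text):
    return yaml.safe_load(text)                    # fine

def read_safe_loader(text):
    return yaml.load(text, Loader=yaml.SafeLoader) # fine
'''

if __name__ == "__main__":
    for lineno, message in find_unsafe_yaml_loads(SAMPLE_SOURCE, "sample.py"):
        print(f"sample.py:{lineno}: {message}")
```

Run against the constructed sample, the scanner reports lines 6, 9, 12, 15 and 18 and stays silent on the two safe_load/SafeLoader call sites. Note that it only recognises the module imported as `yaml` and `from yaml import ...` names; indirection through wrapper functions, as in the jwutil and osbs-client entries on this page, needs the wrapper itself to be scanned.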
Huawei EulerOS: Security Advisory for PyYAML (EulerOS-SA-2019-2299)
The remote host is missing an update for the Huawei EulerOS PyYAML package...
EulerOS Virtualization for ARM 64 3.0.5.0 : PyYAML (EulerOS-SA-2020-1083)
According to the version of the PyYAML package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - In PyYAML before 4.1, the yaml.load API could execute arbitrary code. In other words, yaml.safe_load is not...
Design/Logic Flaw
A flaw was found in the yaml.load function in the osbs-client versions since 0.46 before 0.56.1. Insecure use of the yaml.load function allowed the user to load any suspicious object for code execution via the parsing of malicious YAML files...
CVE-2019-10135
A flaw was found in the yaml.load function in the osbs-client versions since 0.46 before 0.56.1. Insecure use of the yaml.load function allowed the user to load any suspicious object for code execution via the parsing of malicious YAML files...
CVE-2019-10135
A flaw was found in the yaml.load function in the osbs-client prior to version 0.56.1. Insecure use of the yaml.load function allowed the user to load any suspicious object for code execution via the parsing of malicious YAML files...
EulerOS 2.0 SP5 : PyYAML (EulerOS-SA-2019-1041)
According to the version of the PyYAML package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In PyYAML before 4.1, the yaml.load API could execute arbitrary code. In other words, yaml.safe_load is not used (CVE-2017-18342). Note that Tenable...
GHSA-PVHP-V9QP-XF5R Django-piston and Django-tastypie do not properly deserialize YAML data
emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method. Django Tastypie has a very similar vulnerability...