CVE-2017-16763
The CVE-2017-16763 entry covers Confire 0.2.0: YAML parsing in config.py loads user config from ~/.confire.yaml using yaml.load, enabling arbitrary Python execution and command execution on the host. This is a YAML deserialization issue that can be triggered by injected YAML. The connected docume...