ruamel_yaml is vulnerable to remote code execution (RCE). The attack exists because it accepts the invocation of load
method with untrusted argument instead of using safe method such as safe_load
, resulting in deserialization of untrusted objects.
CPE | Name | Operator | Version |
---|---|---|---|
ruamel.yaml | le | 0.16.13 |