0.003 Low
EPSS
Percentile
69.9%
mlalchemy is vulnerable to arbitrary code execution attacks. It does not use the safe_load() method to parse YAML in the parse_yaml_query() method of parser.py, allowing the attacker to load any malicious Python code to the YAML parser.
safe_load()
parse_yaml_query()
parser.py
github.com/thanethomson/MLAlchemy/commit/bc795757febdcce430d89f9d08f75c32d6989d3c
github.com/thanethomson/MLAlchemy/issues/1
joel-malwarebenchmark.github.io/blog/2017/11/08/cve-2017-16615-critical-restful-web-applications-vulnerability/