EPSS percentile: 71.5%
pyanyapi is vulnerable to arbitrary code execution. The parse_yaml_query() method in parser.py does not use safe_load() to parse YAML, so an attacker who controls the YAML input can have the parser load and run arbitrary Python code.
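The difference between the two loaders, shown as an added example that is not pyanyapi's own code. It assumes PyYAML and assumes the unpatched pattern was yaml.load() with the full Loader; the function names and sample documents are hypothetical and constructed, and the tagged document uses a harmless tuple tag.

```python
import yaml
from yaml.constructor import ConstructorError

# Constructed sample inputs (not taken from pyanyapi or the advisory).
PLAIN_DOC = "container:\n  items: [1, 2, 3]\n"
# A Python-specific tag. This one only builds a tuple, but it belongs to the
# tag family that lets a full loader construct arbitrary Python objects.
TAGGED_DOC = "value: !!python/tuple [1, 2]\n"


class UnsafeYAMLError(ValueError):
    """Raised when untrusted YAML asks for more than plain data types."""


def legacy_parse(content):
    """Assumed 'before' pattern: the full Loader honours python/* tags."""
    return yaml.load(content, Loader=yaml.Loader)


def parse_untrusted_yaml(content):
    """Hardened form: SafeLoader builds only scalars, lists and mappings."""
    try:
        return yaml.safe_load(content)
    except ConstructorError as exc:
        # exc.problem names the tag SafeLoader has no constructor for.
        raise UnsafeYAMLError(f"rejected YAML tag: {exc.problem}") from exc


def uses_python_tags(content):
    """Detection helper: True if the document needs more than SafeLoader."""
    try:
        parse_untrusted_yaml(content)
    except UnsafeYAMLError:
        return True
    return False


if __name__ == "__main__":
    print("legacy loader built:", legacy_parse(TAGGED_DOC))
    print("plain document:", parse_untrusted_yaml(PLAIN_DOC))
    print("tagged document flagged:", uses_python_tags(TAGGED_DOC))
```

The same rejection path can be used as a regression test after upgrading: any input that the legacy loader accepted but safe_load() refuses is input that depended on Python-specific tags.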
github.com/Stranger6667/pyanyapi/issues/41
github.com/Stranger6667/pyanyapi/releases/tag/0.6.1
joel-malwarebenchmark.github.io/blog/2017/11/08/cve-2017-16616-yamlparser-in-pyanyapi/
pypi.python.org/pypi/pyanyapi/0.6.1