EPSS: 0.022 (Low); Percentile: 89.5%
owlmixin is vulnerable to arbitrary code execution. The parse_yaml_query() method in parser.py does not use safe_load() to parse YAML, so an attacker who controls the YAML input can have the parser load arbitrary malicious Python code.
github.com/tadashi-aikawa/owlmixin/commit/5d0575303f6df869a515ced4285f24ba721e0d4e
github.com/tadashi-aikawa/owlmixin/issues/12
joel-malwarebenchmark.github.io/blog/2017/11/08/cve-2017-16618-convert-through-owlmixin/