Lucene search
Veracode Vulnerability DatabaseVERACODE:5407HistoryNov 11, 2017 - 12:11 a.m.
Remote Code Execution (RCE)
2017-11-1100:11:31
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
EPSS
0.017
Percentile
87.8%
django_make_app is vulnerable to remote code execution (RCE) attacks. The attacks can happen because the io_utils.py file allows users to parse a yaml file to generate django apps, allowing attackers to inject and execute arbitrary python commands through the yaml.load() function of the YAML parser.
References
github.com/illagrenan/django-make-app/blob/master/django_make_app/io_utils.py#L13
github.com/illagrenan/django-make-app/commit/5acbd4e0c6a4191fb2652304c8433505699eb79f
github.com/illagrenan/django-make-app/issues/5
joel-malwarebenchmark.github.io/blog/2017/11/12/cve-2017-16764-vulnerability-in-django-make-app/
Related
osv
osv
CVE-2017-16764
2017-11-10 09:29:00
django_make_app is vulnerable to Code Injection
2018-07-13 15:16:59
PYSEC-2017-79
2017-11-10 09:29:00
cve
cve
CVE-2017-16764
2017-11-10 09:29:00
prion
prion
Input validation
2017-11-10 09:29:00
cvelist
cvelist
CVE-2017-16764
2017-11-10 09:00:00
github
github
django_make_app is vulnerable to Code Injection
2018-07-13 15:16:59
nvd
nvd
CVE-2017-16764
2017-11-10 09:29:00