CVE-2017-16618
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2017-16618
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-16618.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2017-16618
- Aliases
- Published
- 2017-11-08T03:29:00Z
- Modified
- 2025-01-08T10:11:12.074472Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A "Load YAML" string or file (aka loadyaml or loadyamlf) can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability.
- References
Affected packages
Git / github.com/tadashi-aikawa/owlmixin
Affected ranges
- Type
- GIT
- Repo
- https://github.com/tadashi-aikawa/owlmixin
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
Affected versions
0.*
0.2.0
0.2.1
0.3.0
0.3.1
0.4.0
0.5.0
0.5.1
0.6.0
0.7.0
0.7.1
0.8.0
1.*
1.0.0
1.0.0a1
1.0.0a2
1.0.0b1
1.0.0b2
1.0.0b3
1.0.0b4
1.0.0b5
1.0.0b6
1.0.0b7
1.0.0rc1
1.0.0rc10
1.0.0rc11
1.0.0rc12
1.0.0rc13
1.0.0rc14
1.0.0rc15
1.0.0rc16
1.0.0rc2
1.0.0rc3
1.0.0rc4
1.0.0rc5
1.0.0rc6
1.0.0rc7
1.0.0rc8
1.0.0rc9
1.1.0
1.2.0
1.2.0a1
2.*
2.0.0a1
2.0.0a10
2.0.0a11
2.0.0a2
2.0.0a3
2.0.0a4
2.0.0a5
2.0.0a6
2.0.0a7
2.0.0a8
2.0.0a9