Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code.
{ "nvd_published_at": "2023-11-02T06:15:08Z", "cwe_ids": [ "CWE-502" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2023-11-02T21:01:55Z" }