PYSEC-2017-22
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/owlmixin/PYSEC-2017-22.yaml
- JSON Data
- https://api.test.osv.dev/v1/vulns/PYSEC-2017-22
- Aliases
- Published
- 2017-11-08T03:29:00Z
- Modified
- 2023-11-01T04:48:00.030212Z
- Summary
- [none]
- Details
-
An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A "Load YAML" string or file (aka loadyaml or loadyamlf) can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability.
- References
Affected packages
PyPI / owlmixin
Package
- Name
- owlmixin
- View open source insights on deps.dev
- Purl
- pkg:pypi/owlmixin
Affected ranges
- Type
- GIT
- Repo
- https://github.com/tadashi-aikawa/owlmixin
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.0.0
Affected versions
1.*
1.0.0b3
1.0.0b4
1.0.0b6
1.0.0b7
1.0.0rc1
1.0.0rc2
1.0.0rc3
1.0.0rc4
1.0.0rc5
1.0.0rc6
1.0.0rc7
1.0.0rc8
1.0.0rc9
1.0.0rc10
1.0.0rc11
1.0.0rc12
1.0.0rc13
1.0.0rc14
1.0.0rc15
1.0.0rc16
1.0.0
1.1.0
1.2.0a1
1.2.0
2.*
2.0.0a1
2.0.0a2
2.0.0a3
2.0.0a4
2.0.0a5
2.0.0a6
2.0.0a7
2.0.0a9
2.0.0a10
2.0.0a11
2.0.0a12
2.0.0rc1