PYSEC-2017-79

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/django-make-app/PYSEC-2017-79.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2017-79

Aliases

CVE-2017-16764
GHSA-9pv8-q5rx-c8gq

Published

2017-11-10T09:29:00Z

Modified

2023-11-01T04:48:00.636051Z

Summary

[none]

Details

An exploitable vulnerability exists in the YAML parsing functionality in the readyamlfile method in ioutils.py in djangomake_app 0.1.3. A YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability.

References

https://github.com/illagrenan/django-make-app/issues/5
https://joel-malwarebenchmark.github.io/blog/2017/11/12/cve-2017-16764-vulnerability-in-django-make-app/
https://github.com/advisories/GHSA-9pv8-q5rx-c8gq

Affected packages

PyPI / django-make-app

Package

Name: django-make-app; View open source insights on deps.dev
Purl: pkg:pypi/django-make-app

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0.1.0.1

Affected versions

0.*

0.1.0.1

0.1.1

0.1.2

0.1.2.1

0.1.3