PYSEC-2023-223

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/transmute-core/PYSEC-2023-223.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2023-223

Aliases

Published

2023-11-02T06:15:00Z

Modified

2023-11-02T21:26:26.156112Z

Summary

[none]

Details

Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code.

References

Affected packages

PyPI / transmute-core

Package

Name: transmute-core; View open source insights on deps.dev
Purl: pkg:pypi/transmute-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.13.5

Affected versions

Other

0.*

0.1.0b0

0.1.0

0.1.1

0.1.3

0.1.4b0

0.1.4

0.1.5

0.1.6

0.2.0

0.2.1

0.2.2

0.2.3

0.2.4

0.2.5

0.2.6

0.2.7

0.2.8

0.2.9

0.2.10

0.2.11

0.2.12

0.3.0

0.3.1

0.4.0

0.4.1

0.4.2

0.4.3

0.4.4

0.4.5

0.4.6

0.4.7

0.4.8

0.4.9

0.4.10

0.4.11

0.4.12

0.5.0

0.6.0

1.*

1.0.0

1.0.1

1.1.0

1.1.1

1.2.0

1.3.0

1.3.1

1.3.2

1.4.0

1.4.1

1.4.2

1.4.3

1.4.4

1.4.5

1.4.6

1.5.0

1.6.0

1.7.0

1.7.1

1.8.0

1.8.1

1.9.0

1.9.1

1.9.2

1.9.3

1.9.4

1.10.1

1.11.0

1.12.0

1.13.0

1.13.1

1.13.2

1.13.3

1.13.4a0

1.13.4

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/transmute-core/PYSEC-2023-223.yaml"