CVE-2019-20478

In ruamel.yaml through 0.16.7, the load method allows remote code execution if the application calls this method with an untrusted argument. In other words, this issue affects developers who are unaware of the need to use methods such as safe_load in these use cases.
References
Link Resource
https://www.exploit-db.com/exploits/47655 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:ruamel.yaml_project:ruamel.yaml:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-02-19 04:15

Updated : 2024-02-28 17:28


NVD link : CVE-2019-20478

Mitre link : CVE-2019-20478

CVE.ORG link : CVE-2019-20478


JSON object : View

Products Affected

ruamel.yaml_project

  • ruamel.yaml