An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin prior to 2.0.0a12. A "Load YAML" string or file (aka load_yaml or load_yamlf) can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability.
Vulnerable Product |
---|
owlmixin project owlmixin |
owlmixin project owlmixin 2.0.0 |