CVE-2020-14343

A web application vulnerable to CVE-2020-14343 insecure deserialization leading to command execution in PyYAML package.

loader-CVE-2020-14343 A web application vulnerable to CVE-2020-14343 insecure deserialization leading to command execution in PyYAML package Writeup: githubcom/TebbaaX/CTFs/blob/main/HackerNewsBdarija-CTF-2022/loadder/Loadermd

fork tornado-swagger, remove python3 feature.

tornado-swagger PyPI Linux Windows tornado-swagger: Swagger API Documentation builder for tornado server Inspired byaiohttp-swaggerpackage (based on this package sources) Documentation githubcom/mrk-andreev/tornado-swagger/wiki Code githubcom/mrk-andreev/tornado-swagger Issues githubcom/mrk-andreev/tornado

Experimenting with the CVE-2020-14343 PyYAML vulnerability

pyyaml-CVE-2020-14343 Testing the CVE-2020-14343 vulnerability that affects the PyYAML library (version<54) "where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader" [BUG] The whole testing setup is contained within the test_yaml_vuln package which must be installed

Swagger API Documentation builder for tornado server.

tornado-swagger PyPI Linux Windows tornado-swagger: Swagger API Documentation builder for tornado server Inspired byaiohttp-swaggerpackage (based on this package sources) Documentation githubcom/mrk-andreev/tornado-swagger/wiki Code githubcom/mrk-andreev/tornado-swagger Issues githubcom/mrk-andreev/tornado

DevSecOps workflow description For purpose of this technical assignement we use DVPWA app DVPWA is an intentionally vulnerable application This repo is a clone of DVPWA and is used for devsecops workflow technical challenges For SAST and SCA analysis of the code, we use Horusec open-source tool In this case, we use only CLI, which is not integrated with web UI of Horusec T