Safety vulnerability ID: 35719
The information on this page was manually curated by our Cybersecurity Intelligence Team.
An exploitable vulnerability exists in the YAML parsing functionality of the YAMLParser method in Interfaces.py in PyAnyAPI before 0.6.1. The YAML parser can execute arbitrary Python code, resulting in command execution, because `load` is used where `safe_load` should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability.
Latest version: 0.6.1
Tools for convenient interface creation over various types of data in a declarative way.
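The root cause above is the choice of loader: PyYAML's `yaml.load` with its full/unsafe loader resolves `!!python/*` tags into live Python objects, while `yaml.safe_load` only builds plain data (mappings, sequences, scalars) and raises a `ConstructorError` on any tag it has no constructor for. The following is an added example, not code from the PyAnyAPI project, showing the hardened form a parser such as the one described should use; the sample documents are constructed for this illustration, and the `!!python/name:builtins.str` tag is chosen only because SafeLoader refuses it without resolving anything.

```python
"""Hardened YAML parsing: yaml.safe_load instead of yaml.load (added example)."""
import yaml

# Constructed sample: ordinary data, the only thing a config or API parser
# should ever need to accept.
PLAIN_DOC = """
name: example
items:
  - 1
  - 2
"""

# Constructed sample carrying a Python-specific tag. SafeLoader has no
# constructor for any !!python/* tag, so it rejects the document instead of
# resolving the tag into a Python object the way the unsafe loader would.
TAGGED_DOC = "value: !!python/name:builtins.str ''"


def parse_yaml_safely(text):
    """Parse untrusted YAML with SafeLoader; only plain data types are built.

    This is the fixed pattern: equivalent to yaml.load(text, Loader=yaml.SafeLoader).
    Never pass untrusted input to yaml.load with FullLoader or UnsafeLoader.
    """
    return yaml.safe_load(text)


def is_accepted(text):
    """Return True if the document parses under SafeLoader, False if it is rejected.

    Rejection surfaces as yaml.constructor.ConstructorError (a YAMLError subclass);
    catching the base class also covers malformed input.
    """
    try:
        parse_yaml_safely(text)
    except yaml.YAMLError:
        return False
    return True


if __name__ == "__main__":
    print(parse_yaml_safely(PLAIN_DOC))   # {'name': 'example', 'items': [1, 2]}
    print(is_accepted(TAGGED_DOC))        # False: tag refused by SafeLoader
```

Since PyYAML 5.1 a bare `yaml.load(text)` emits a warning, and PyYAML 6.0 makes the `Loader` argument mandatory, but neither change protects code that explicitly selects `FullLoader` or `UnsafeLoader`; auditing for `yaml.load(` calls on untrusted input and replacing them with `safe_load` (or `Loader=yaml.SafeLoader`) is the durable fix.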
References:
- MISC: https://joel-malwarebenchmark.github.io/blog/2017/11/08/cve-2017-16616-yamlparser-in-pyanyapi/
- CONFIRM: https://github.com/Stranger6667/pyanyapi/issues/41
- CONFIRM: https://github.com/Stranger6667/pyanyapi/releases/tag/0.6.1
- CONFIRM: https://pypi.python.org/pypi/pyanyapi/0.6.1