메뉴 건너뛰기

GREATUSER

cve

CVE-2017-16615

관리자 2017.11.09 04:00 조회 수 : 37

An exploitable vulnerability exists in the YAML parsing functionality in the parse_yaml_query method in parser.py in MLAlchemy before 0.2.2. When processing YAML-Based queries for data, a YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability.


원문출처 : https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16615
번호 제목 글쓴이 날짜 조회 수
437 CVE-2018-5783 관리자 2018.01.25 43
436 CVE-2017-16661 관리자 2017.11.09 43
435 CVE-2017-16659 관리자 2017.11.09 35
434 CVE-2017-16660 관리자 2017.11.09 52
433 CVE-2017-16616 관리자 2017.11.09 35
» CVE-2017-16615 관리자 2017.11.09 37
431 CVE-2017-16618 관리자 2017.11.09 34
430 CVE-2017-16645 관리자 2017.11.09 48
429 CVE-2017-16643 관리자 2017.11.09 48
428 CVE-2017-16644 관리자 2017.11.09 28
427 CVE-2017-16647 관리자 2017.11.09 38
426 CVE-2017-16646 관리자 2017.11.09 38
425 CVE-2017-16649 관리자 2017.11.09 30
424 CVE-2017-16648 관리자 2017.11.09 29
423 CVE-2017-16650 관리자 2017.11.09 31
위로