메뉴 건너뛰기

GREATUSER

cve

CVE-2017-16615

관리자 2017.11.09 04:00 조회 수 : 213

An exploitable vulnerability exists in the YAML parsing functionality in the parse_yaml_query method in parser.py in MLAlchemy before 0.2.2. When processing YAML-Based queries for data, a YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability.


원문출처 : https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16615
번호 제목 글쓴이 날짜 조회 수
437 CVE-2018-5783 관리자 2018.01.25 163
436 CVE-2017-16661 관리자 2017.11.09 201
435 CVE-2017-16659 관리자 2017.11.09 183
434 CVE-2017-16660 관리자 2017.11.09 167
433 CVE-2017-16616 관리자 2017.11.09 169
» CVE-2017-16615 관리자 2017.11.09 213
431 CVE-2017-16618 관리자 2017.11.09 240
430 CVE-2017-16645 관리자 2017.11.09 195
429 CVE-2017-16643 관리자 2017.11.09 210
428 CVE-2017-16644 관리자 2017.11.09 130
427 CVE-2017-16647 관리자 2017.11.09 177
426 CVE-2017-16646 관리자 2017.11.09 110
425 CVE-2017-16649 관리자 2017.11.09 123
424 CVE-2017-16648 관리자 2017.11.09 161
423 CVE-2017-16650 관리자 2017.11.09 156
위로