In ruamel.yaml through 0.16.7, the load method allows remote code execution if the application calls this method with an untrusted argument. In other words, this issue affects developers who are unaware of the need to use methods such as safe_load in these use cases.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-02-19T03:09:08
Updated: 2024-08-05T02:39:10.000Z
Reserved: 2020-02-19T00:00:00
Link: CVE-2019-20478
NVD
Status: Analyzed
Published: 2020-02-19T04:15:10.880
Modified: 2021-07-21T11:39:23.747
Link: CVE-2019-20478
Redhat