CVE-2020-13388 – An exploitable vulnerability exists in the configuration-loading functionality of the jw.u …

Vuln ID: CVE-2020-13388

Published:  2020-05-22  17:15:10Z

Description: An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safe_load is not used.

Source: NVD.NIST.GOV

 

Tags