← voltar
CVE-2019-10135

CVE-2019-10135

CVSS 7.2 HIGHEPSS 1.9%CWE-502
A flaw was found in the yaml.load() function in the osbs-client versions since 0.46 before 0.56.1. Insecure use of the yaml.load() function allowed the user to load any suspicious object for code execution via the parsing of malicious YAML files.
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
Red Hat · osbs-client

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10135https://github.com/containerbuildsystem/osbs-client/pull/865