← voltar
CVE-2020-13388

CVE-2020-13388

EPSS 4.4%
An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safe_load is not used.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://joel-malwarebenchmark.github.iohttps://joel-malwarebenchmark.github.io/blog/2020/04/27/cve-2020-13388-jw-util-vulnerability/https://security.netapp.com/advisory/ntap-20200528-0002/