CVE-2019-10135

A flaw was found in the yaml.load() function in the osbs-client versions since 0.46 before 0.56.1. Insecure use of the yaml.load() function allowed the user to load any suspicious object for code execution via the parsing of malicious YAML files.
Configurations

Configuration 1

cpe:2.3:a:osbs-client_project:osbs-client:*:*:*:*:*:*:*:*

Information

Published : 2019-07-11 07:15

Updated : 2022-11-07 07:17


NVD link : CVE-2019-10135

Mitre link : CVE-2019-10135

Products Affected
No products.
CWE
CWE-502

Deserialization of Untrusted Data