CVE-2020-13388

An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safe_load is not used.
Configurations

Configuration 1

cpe:2.3:a:python:jw.util:*:*:*:*:*:python:*:*

Information

Published : 2020-05-22 05:15

Updated : 2020-05-28 01:15


NVD link : CVE-2020-13388

Mitre link : CVE-2020-13388

Products Affected
No products.
CWE