PT-2018-15263 · Ymlref · Ymlref

Bigbigliang-Malwarebenchmark

·

Publicado

2018-12-17

·

Atualizado

2019-01-07

·

CVE-2018-20133

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions ymlref versions up to 0.1.1
Description The issue allows code injection. ymlref is a library used to load Yaml documents and resolve JSON-pointer references inside them.
Recommendations For ymlref versions up to 0.1.1, update to a version higher than 0.1.1 to resolve the code injection issue.

Exploit

Correção

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

CVE-2018-20133
GHSA-8R8J-XVFJ-36F9
PYSEC-2018-103

Produtos afetados

Ymlref