Bigbigliang-Malwarebenchmark

**Name of the Vulnerable Software and Affected Versions** Donfig version 0.3.0 **Description** An issue in the `collect yaml` method in `config obj.py` allows the execution of arbitrary Python commands, resulting in command execution. **Recommendations** For Donfig version 0.3.0, consider disabling the `collect yaml` method in `config obj.py` until a patch is available. Restrict access to the `config obj.py` module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ipycache versions up to 0.1.4 **Description** A code injection issue was discovered. **Recommendations** For ipycache versions up to 0.1.4, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Sqla yaml fixtures versions up to 0.9.1 **Description** The issue allows local users to execute arbitrary python code via the `fixture text` argument in the `sqla yaml fixtures.load` function. This can lead to code execution with the privileges of the user running the application. **Recommendations** For Sqla yaml fixtures versions up to 0.9.1, consider restricting access to the `sqla yaml fixtures.load` function to minimize the risk of exploitation. As a temporary workaround, avoid using the `fixture text` argument in the `sqla yaml fixtures.load` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Danijar Hafner definitions package for Python (affected versions not specified) **Description** The issue concerns the `load()` method in definitions/parser.py, which can execute arbitrary Python commands, resulting in command execution. This allows for the potential execution of malicious code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Pylearn2 (affected versions not specified) **Description** The issue concerns the yaml parse.load method in Pylearn2, which allows code injection. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ymlref versions up to 0.1.1 **Description** The issue allows code injection. ymlref is a library used to load Yaml documents and resolve JSON-pointer references inside them. **Recommendations** For ymlref versions up to 0.1.1, update to a version higher than 0.1.1 to resolve the code injection issue.