PT-2017-14497 · Pyanyapi · Pyanyapi

Stranger6667 · Published 2017-11-08 · Updated 2022-05-13 · CVE-2017-16616

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: PyAnyAPI versions prior to 0.6.1

Description: An issue exists in the YAML parsing functionality of the YAMLParser method in Interfaces.py. The `load` function is used where `safe_load` should have been used, allowing the YAML parser to execute arbitrary Python code. This results in command execution and can be triggered by an attacker inserting Python-specific constructs into the loaded YAML.

Recommendations: For versions prior to 0.6.1, update to version 0.6.1 or later to resolve the issue. As a temporary workaround, modify the YAMLParser method to use `safe_load` instead of `load` to prevent arbitrary command execution.
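As an added illustration (not pyanyapi's own code; the advisory does not reproduce the affected YAMLParser), here is the pattern the advisory describes beside its fix: a parse with PyYAML's full `Loader`, which honours `!!python/*` tags, next to `safe_load`, which refuses them. The sample documents are constructed and the function names are hypothetical.

```python
import yaml

# Constructed sample documents (not taken from the advisory).
PLAIN_YAML = "name: demo\nvalues: [1, 2, 3]\n"
# A document carrying a Python-specific tag. The full loader turns such
# tags into Python objects; the safe loader refuses them outright.
TAGGED_YAML = "value: !!python/tuple [1, 2]\n"


def parse_unsafe(text):
    """The pattern the advisory describes: yaml.load with the full
    Python-aware loader, which constructs objects for !!python/* tags."""
    return yaml.load(text, Loader=yaml.Loader)


def parse_safe(text):
    """The fix: safe_load builds only plain YAML types (mappings,
    sequences, scalars) and raises on any tag it does not know."""
    return yaml.safe_load(text)


def check_untrusted_document(text):
    """Defender-side helper: parse with the safe loader and report whether
    the document was rejected for carrying a non-standard tag.
    Returns (data, rejected)."""
    try:
        return parse_safe(text), False
    except yaml.constructor.ConstructorError:
        return None, True


if __name__ == "__main__":
    print(parse_safe(PLAIN_YAML))                 # {'name': 'demo', 'values': [1, 2, 3]}
    print(parse_unsafe(TAGGED_YAML))              # {'value': (1, 2)}: a Python object was built
    print(check_untrusted_document(TAGGED_YAML))  # (None, True): the safe loader refused it
```

Both loaders agree on ordinary YAML; they differ only once a document carries tags outside the YAML core schema, which is exactly the input an attacker controls.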

Weakness Enumeration

Deserialization of Untrusted Data

Related Identifiers

CVE-2017-16616
GHSA-VG8G-JPM9-JH8R
PYSEC-2017-23

Affected Products

Pyanyapi