CVE-2017-16618

Name of the Vulnerable Software and Affected Versions OwlMixin versions prior to 2.0.0a12

Description The issue exists in the YAML loading functionality of util.py, where a "Load YAML" string or file can execute arbitrary Python commands. This is due to the use of load instead of safe load, allowing an attacker to insert Python into loaded YAML and trigger command execution.

Recommendations For versions prior to 2.0.0a12, update to version 2.0.0a12 or later to resolve the issue. As a temporary workaround, consider disabling the load yaml and load yamlf functions in util.py until a patch is available. Restrict access to YAML loading functionality to minimize the risk of exploitation. Avoid using the load function for YAML loading; instead, use the safe load function to prevent arbitrary command execution.