PT-2018-15263 · Ymlref · Ymlref

Bigbigliang-Malwarebenchmark

·

Published

2018-12-17

·

Updated

2019-01-07

·

CVE-2018-20133

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions ymlref versions up to 0.1.1
Description The issue allows code injection. ymlref is a library used to load Yaml documents and resolve JSON-pointer references inside them.
Recommendations For ymlref versions up to 0.1.1, update to a version higher than 0.1.1 to resolve the code injection issue.

Exploit

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2018-20133
GHSA-8R8J-XVFJ-36F9
PYSEC-2018-103

Affected Products

Ymlref