PT-2020-4065 · Jw · Jw.Util
Published: 2020-05-22 · Updated: 2023-03-03 · CVE-2020-13388

| CVSS v3.1 | 10 (Critical) |
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
jw.util versions prior to 2.3
Description:
The vulnerability lies in how jw.util parses YAML while loading configuration. The FromString and FromStream loaders hand the YAML document to a full (unsafe) YAML loader instead of a safe load, so a crafted document can execute arbitrary Python code during parsing, and through it arbitrary operating system commands, on behalf of a remote attacker who is able to supply the configuration.
Recommendations:
For versions prior to 2.3, update to version 2.3 or later to resolve the issue. As a temporary workaround, consider disabling the use of FromString or FromStream with YAML until a patch is available. Restrict access to configuration-loading functionality to minimize the risk of exploitation. Avoid using YAML for configuration loading in the affected versions until the issue is resolved.
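To make the "lack of safe load" concrete, here is an added example (not jw.util's own code, and not the project's fix) that puts the flawed loading pattern next to the hardened one using PyYAML's real API. The function names, the two sample documents and the tag pre-check are assumptions for illustration. The sample uses the harmless `!!python/tuple` tag: it is handled by the same full-loader mechanism that resolves other `!!python/...` tags, so it shows the difference between the loaders without running anything. `yaml.Loader` is the full loader that `yaml.load(text)` used by default before PyYAML 5.1; `yaml.safe_load` only knows the standard YAML types and raises on Python-specific tags. Requires `pip install pyyaml`.

```python
"""Added example (not jw.util's code): unsafe vs. safe YAML configuration loading."""
import re

try:
    import yaml
    HAVE_YAML = True
except ImportError:  # the loaders below raise a clear error instead of silently "working"
    yaml = None
    HAVE_YAML = False

# Constructed sample: an ordinary configuration document.
BENIGN_CONFIG = """
database:
  host: db.internal
  port: 5432
"""

# Constructed sample: a document carrying a Python-specific tag. ``!!python/tuple``
# is harmless, but the full loader resolves it the same way it resolves tags that
# instantiate arbitrary Python objects, which is what makes unsafe loading dangerous.
TAGGED_CONFIG = """
database:
  host: db.internal
  port: !!python/tuple [5432, 5433]
"""

# Python-specific tags in shorthand (!!python/...) or verbatim
# (!<tag:yaml.org,2002:python/...>) form. A cheap pre-load check, also usable
# when scanning configuration files or request bodies at rest.
_PYTHON_TAG = re.compile(r"!!python/|!<tag:yaml\.org,2002:python/")


def has_python_tags(text: str) -> bool:
    """Return True if the document contains any Python-specific YAML tag."""
    return _PYTHON_TAG.search(text) is not None


def vulnerable_from_string(text: str):
    """The flawed pattern: a full loader constructs whatever object a tag names."""
    if yaml is None:
        raise RuntimeError("PyYAML is not installed")
    return yaml.load(text, Loader=yaml.Loader)


def hardened_from_string(text: str):
    """The fixed pattern: safe_load builds only plain YAML types."""
    if yaml is None:
        raise RuntimeError("PyYAML is not installed")
    return yaml.safe_load(text)


def safe_load_rejects(text: str) -> bool:
    """True when safe_load refuses the document (it raises a ConstructorError,
    a subclass of yaml.YAMLError, for tags it has no constructor for)."""
    if yaml is None:
        raise RuntimeError("PyYAML is not installed")
    try:
        hardened_from_string(text)
    except yaml.YAMLError:
        return True
    return False


if __name__ == "__main__":
    print("pre-check flags tagged document:", has_python_tags(TAGGED_CONFIG))
    print("full loader result:", vulnerable_from_string(TAGGED_CONFIG))
    print("safe_load rejects tagged document:", safe_load_rejects(TAGGED_CONFIG))
    print("safe_load result for benign document:", hardened_from_string(BENIGN_CONFIG))
```

Run stand-alone, the full loader returns the `port` value as a Python tuple, proving it constructed an object from the tag, while `safe_load` raises on the same document and parses the benign one normally. The regex pre-check is not a substitute for `safe_load`; it is a detection aid for spotting tagged documents in stored configuration or logs.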
Weakness Enumeration: OS Command Injection
Affected Products: Jw.Util