PT-2021-15442 · Qlib · Qlib

Ajmal Aboobacker

·

Published

2021-02-15

·

Updated

2022-05-24

·

CVE-2021-23338

CVSS v3.1

7.2

High

VectorAV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions qlib (affected versions not specified)
Description The issue affects the workflow function in the cli part of qlib, which was using an unsafe YAML load function.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Deserialization of Untrusted Data

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-502CWE-94

Related Identifiers

CVE-2021-23338
GHSA-HJR4-FHGP-23G9
PYSEC-2021-86
SNYK-PYTHON-QLIB-1054635

Affected Products

Qlib