CVE-2020-13388

  • Published Date: Fri 22 May 2020
  • Last Modified Date: Tue 26 May 2020

An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safe_load is not used.

References (Advisories, Solutions, and Tools):



Note: This page is generated by our securitybot and has not been checked for errors. Feed Source: NVD