An exploitable vulnerability exists... CVE-2020-13388

- AV AC AU C I A
发布: 2020-05-22
修订: 2020-05-26

An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safe_load is not used.

0%
暂无可用Exp或PoC
产品及版本信息(CPE)暂不可用