Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An exploitable vulnerability exists in the YAML parsing functionality in the YAMLParser method in Interfaces.py in PyAnyAPI before 0.6.1. A YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PyAnyAPI 安全漏洞
Vulnerability Description
PyAnyAPI是一个基于Python的使用声明的方式在多种类型数据上创建接口的工具。 PyAnyAPI 0.6.1之前的版本中的Interfaces.py文件的YAML解析功能存在安全漏洞。攻击者可通过向已加载的YAML注入Python利用该漏洞执行任意的Python命令。
CVSS Information
N/A
Vulnerability Type
N/A