Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A "Load YAML" string or file (aka load_yaml or load_yamlf) can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
OwlMixin 安全漏洞
Vulnerability Description
OwlMixin是一款基于Python的能够将数据类实例、dict对象、json字符串和yaml字符串进行相互转换的工具。 OwlMixin 2.0.0a12之前的版本中的util.py文件的YAML加载功能存在安全漏洞。攻击者可通过向已加载的YAML注入Python利用该漏洞执行任意的Python命令。
CVSS Information
N/A
Vulnerability Type
N/A