Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "~/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Confire 安全漏洞
Vulnerability Description
Confire是一套建立在Scapy、Django等配置解析器上的应用程序配置工具。 Confire 0.2.0版本中的config.py文件的YAML解析功能存在安全漏洞,该漏洞源于程序使用‘yaml.load’函数从‘/.confire.yaml’中加载用户特定的配置。攻击者可通过向已加载的YAML中注入Python利用该漏洞执行任意的Python命令。
CVSS Information
N/A
Vulnerability Type
N/A