Security Advisory

CVE-2020-13388

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-05-22 16:07:19

Last updated 2024-08-04 12:18:17

Assigner mitre

State PUBLISHED

Description

An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safe_load is not used.

← Browse all CVEs View on cve.org ↗