CyberSec.Space Logo
Back to CVE Browser

CVE-2017-16764

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1780%
EPSS Percentile30.95th
PublishedNov 10, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

An exploitable vulnerability exists in the YAML parsing functionality in the read_yaml_file method in io_utils.py in django_make_app 0.1.3. A YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability.

Affected Platforms (CPE)

πŸ“¦
Django Make App Project

Django Make App

= 0.1.3

References & Advisories

πŸ”— https://github.com/illagrenan/django-make-app/issues/5
πŸ”— https://joel-malwarebenchmark.github.io/blog/2017/11/12/cve-2017-16764-vulnerability-in-django-make-app/
πŸ”— https://github.com/illagrenan/django-make-app/issues/5
πŸ”— https://joel-malwarebenchmark.github.io/blog/2017/11/12/cve-2017-16764-vulnerability-in-django-make-app/

Related Vulnerabilities

CVE-2017-1684510.0

hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access.

CVE-2017-1446910.0

An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Brad...

CVE-2017-1015110.0

Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Default Account). Supported vers...

CVE-2017-1447010.0

An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Brad...