CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2017-16764

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1780%
EPSS Percentile30.95th
Published2017年11月10日
Last Modified2026年5月13日

Vulnerability Description

An exploitable vulnerability exists in the YAML parsing functionality in the read_yaml_file method in io_utils.py in django_make_app 0.1.3. A YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability.

Affected Platforms (CPE)

📦
Django Make App Project

Django Make App

= 0.1.3

References & Advisories

🔗 https://github.com/illagrenan/django-make-app/issues/5
🔗 https://joel-malwarebenchmark.github.io/blog/2017/11/12/cve-2017-16764-vulnerability-in-django-make-app/
🔗 https://github.com/illagrenan/django-make-app/issues/5
🔗 https://joel-malwarebenchmark.github.io/blog/2017/11/12/cve-2017-16764-vulnerability-in-django-make-app/

相關漏洞威脅

CVE-2017-1015110.0

Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Default Account). Supported vers...

CVE-2017-1040210.0

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Report...

CVE-2017-1040510.0

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Report...

CVE-2017-1026910.0

Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affecte...