Vulnerabilities > CVE-2017-16616 - Unspecified vulnerability in Pyanyapi Project Pyanyapi

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

pyanyapi-project

critical

NVD

Published: 2017-11-08

Updated: 2024-11-21

Summary

An exploitable vulnerability exists in the YAML parsing functionality in the YAMLParser method in Interfaces.py in PyAnyAPI before 0.6.1. A YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Pyanyapi_Project Pyanyapi Project Pyanyapi 0.1 Pyanyapi Project Pyanyapi 0.2 Pyanyapi Project Pyanyapi 0.2.1 Pyanyapi Project Pyanyapi 0.3 Pyanyapi Project Pyanyapi 0.4 Pyanyapi Project Pyanyapi 0.5 Pyanyapi Project Pyanyapi 0.5.1 Pyanyapi Project Pyanyapi 0.5.2 Pyanyapi Project Pyanyapi 0.5.3 Pyanyapi Project Pyanyapi 0.5.4 Pyanyapi Project Pyanyapi 0.5.5 Pyanyapi Project Pyanyapi 0.5.6 Pyanyapi Project Pyanyapi 0.5.7 Pyanyapi Project Pyanyapi 0.5.8 Pyanyapi Project Pyanyapi 0.6.0	15

Summary

Vulnerable Configurations

References