Vulnerabilities > CVE-2017-16616 - Unspecified vulnerability in Pyanyapi Project Pyanyapi

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

pyanyapi-project

NVD

Published: 2017-11-08

Updated: 2019-10-03

Summary

An exploitable vulnerability exists in the YAML parsing functionality in the YAMLParser method in Interfaces.py in PyAnyAPI before 0.6.1. A YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Pyanyapi_Project Pyanyapi Project Pyanyapi 0.1 Pyanyapi Project Pyanyapi 0.2 Pyanyapi Project Pyanyapi 0.2.1 Pyanyapi Project Pyanyapi 0.3 Pyanyapi Project Pyanyapi 0.4 Pyanyapi Project Pyanyapi 0.5 Pyanyapi Project Pyanyapi 0.5.1 Pyanyapi Project Pyanyapi 0.5.2 Pyanyapi Project Pyanyapi 0.5.3 Pyanyapi Project Pyanyapi 0.5.4 Pyanyapi Project Pyanyapi 0.5.5 Pyanyapi Project Pyanyapi 0.5.6 Pyanyapi Project Pyanyapi 0.5.7 Pyanyapi Project Pyanyapi 0.5.8 Pyanyapi Project Pyanyapi 0.6.0	15

Summary

Vulnerable Configurations

References