Vulnerabilities > CVE-2017-16764 - Unspecified vulnerability in Django Make APP Project Django Make APP 0.1.3

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

django-make-app-project

NVD

Published: 2017-11-10

Updated: 2019-12-11

Summary

An exploitable vulnerability exists in the YAML parsing functionality in the read_yaml_file method in io_utils.py in django_make_app 0.1.3. A YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Django_Make_App_Project Django Make APP Project Django Make APP 0.1.3	1

References

https://github.com/illagrenan/django-make-app/issues/5
https://joel-malwarebenchmark.github.io/blog/2017/11/12/cve-2017-16764-vulnerability-in-django-make-app/