Vulnerabilities > CVE-2019-10135 - Deserialization of Untrusted Data vulnerability in Osbs-Client Project Osbs-Client

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

osbs-client-project

CWE-502

NVD

Published: 2019-07-11

Updated: 2022-11-07

Summary

A flaw was found in the yaml.load() function in the osbs-client versions since 0.46 before 0.56.1. Insecure use of the yaml.load() function allowed the user to load any suspicious object for code execution via the parsing of malicious YAML files.

Vulnerable Configurations

Part	Description	Count
Application	Osbs-Client_Project Osbs Client Project Osbs Client 0.46 Osbs Client Project Osbs Client 0.46.1 Osbs Client Project Osbs Client 0.47 Osbs Client Project Osbs Client 0.48 Osbs Client Project Osbs Client 0.49 Osbs Client Project Osbs Client 0.50 Osbs Client Project Osbs Client 0.51 Osbs Client Project Osbs Client 0.51.1 Osbs Client Project Osbs Client 0.52 Osbs Client Project Osbs Client 0.53 Osbs Client Project Osbs Client 0.53.1 Osbs Client Project Osbs Client 0.54 Osbs Client Project Osbs Client 0.54.1 Osbs Client Project Osbs Client 0.55 Osbs Client Project Osbs Client 0.56	15

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References