Vulnerabilities > CVE-2021-23338 - Deserialization of Untrusted Data vulnerability in Microsoft Qlib
Attack vector
NETWORK Attack complexity
LOW Privileges required
HIGH Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
This affects all versions of package qlib. The workflow function in cli part of qlib was using an unsafe YAML load function.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |