Vulnerabilities > CVE-2021-23338 - Deserialization of Untrusted Data vulnerability in Microsoft Qlib

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
microsoft
CWE-502

Summary

This affects all versions of package qlib. The workflow function in cli part of qlib was using an unsafe YAML load function.

Vulnerable Configurations

Part Description Count
Application
Microsoft
1

Common Weakness Enumeration (CWE)