Vulnerabilities > CVE-2021-23338 - Deserialization of Untrusted Data vulnerability in Microsoft Qlib
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
This affects all versions of package qlib. The workflow function in cli part of qlib was using an unsafe YAML load function.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |