You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
django_make_app is vulnerable to Code Injection
Critical severity
GitHub Reviewed
Published
Jul 13, 2018
to the GitHub Advisory Database
•
Updated Sep 5, 2023
An exploitable vulnerability exists in the YAML parsing functionality in the read_yaml_file method in io_utils.py in django_make_app 0.1.3. A YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability.
An exploitable vulnerability exists in the YAML parsing functionality in the
read_yaml_file
method inio_utils.py
in django_make_app 0.1.3. A YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability.References