Python Package: OwlMixin
Version: Before 2.0.0a12
Published: Nov. 7th. 2017
Reported by: Joel
OwlMixin is a library that converts between data class instances and other objects. Recently, an issue was discovered in the owlmixin package before 2.0.0a12. Untrusted data passed into the load_yaml() and load_yamlf() functions can execute arbitrary Python commands, resulting in command execution.
The updated versions of OwlMixin (2.0.0a12) correctly use the yaml.safe_load method, which prevents remote code execution.