CVE-2020-13388 - An exploitable vulnerability exists in the configuration-loading functionality of the jw.util packag

CVE-2020-13388

Summary

An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safe_load is not used.

References

https://joel-malwarebenchmark.github.io

Vulnerable Configurations

CVSS

Base:	5.0
Impact:
Exploitability:

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

22-05-2020 - 17:36

Published

22-05-2020 - 17:15

Last modified

22-05-2020 - 17:36