planemo@0.30.2 vulnerabilities

Command-line utilities to assist in building tools for the Galaxy project (http://galaxyproject.org/).

latest version

0.75.32.dev0

latest non vulnerable version

0.75.32.dev0

first published

10 years ago

latest version published

26 days ago

licenses detected

AFL-3.0
[0.3.0,0.74.4)

View planemo package health on Snyk Advisor (opens in a new tab)

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the planemo package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
C Arbitrary Code Execution planemo is a command-line utilities library to assist in building tools for the Galaxy project. Affected versions of this package are vulnerable to Arbitrary Code Execution due to using the insecure `yaml.load()` function. Default behavior of PyYAML's `yaml.load()` method is unsafe and can execute code stored/provided in yaml files. How to fix Arbitrary Code Execution? Upgrade `planemo` to version 0.59.0 or higher.	[,0.59.0)

Arbitrary Code Execution

planemo is a command-line utilities library to assist in building tools for the Galaxy project.

Affected versions of this package are vulnerable to Arbitrary Code Execution due to using the insecure yaml.load() function. Default behavior of PyYAML's yaml.load() method is unsafe and can execute code stored/provided in yaml files.

How to fix Arbitrary Code Execution?

Upgrade planemo to version 0.59.0 or higher.

[,0.59.0)

Go back to all versions of this package