pyanyapi@0.5.4 vulnerabilities
Tools for convenient interface creation over various types of data in a declarative way.
-
latest version
0.6.1
-
first published
9 years ago
-
latest version published
7 years ago
-
licenses detected
- [0,)
Direct Vulnerabilities
Known vulnerabilities in the pyanyapi package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
Affected versions of the package are vulnerable to Arbitrary Code Execution. An exploitable vulnerability exists in the YAML parsing functionality in the YAMLParser method in Interfaces.py in PyAnyAPI before 0.6.1. A YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability. How to fix Arbitrary Code Execution? Upgrade |
[,0.6.1]
|