pyanyapi@0.5.5 vulnerabilities

Tools for convenient interface creation over various types of data in a declarative way.

Direct Vulnerabilities

Known vulnerabilities in the pyanyapi package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • C
Arbitrary Code Execution

pyanyapi is tools for convenient interface creation over various types of data in a declarative way.

Affected versions of the package are vulnerable to Arbitrary Code Execution. An exploitable vulnerability exists in the YAML parsing functionality in the YAMLParser method in Interfaces.py in PyAnyAPI before 0.6.1. A YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability.

How to fix Arbitrary Code Execution?

Upgrade pyanyapi to version 0.6.1 or higher.

[,0.6.1]