ymlref@0.1.1 vulnerabilities

ymlref: load YAML documents with the possibility to resolve references.

Direct Vulnerabilities

Known vulnerabilities in the ymlref package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • C
Code Injection

ymlref is a package that allows you to load YAML documents with the possibility to resolve references.

Affected versions of this package are vulnerable to Code Injection. ymlref allows code injection via the load method.

PoC

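import ymlref.api

# YAML document whose Python-specific tag asks the loader to call os.system("dir")
test_str = '!!python/object/apply:os.system ["dir"]'
# Loading the document is enough to run the command
ymlref.api.load(test_str)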

How to fix Code Injection?

There is no fixed version for ymlref.
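
With no fixed release available, one mitigation is to inspect a document's tags before it reaches the load method. The following is an added example, not code from ymlref or from this advisory: it uses PyYAML's event parser to list explicit tags without constructing any objects and rejects anything outside a small core set. The names CORE_TAGS, explicit_tags and guarded_load are introduced here, PyYAML is assumed to be installed, and the check covers only the text passed in.

```python
# Added example, not ymlref code: refuse YAML with non-core tags before loading it.
import yaml  # PyYAML

# Explicit tags a plain data document may legitimately carry.
CORE_TAGS = {
    "tag:yaml.org,2002:" + name
    for name in ("str", "int", "float", "bool", "null", "map", "seq",
                 "timestamp", "binary", "set", "omap", "pairs")
}

# The PoC document from this page, and a constructed benign document.
POC = '!!python/object/apply:os.system ["dir"]'
BENIGN = "name: demo\nports: [80, 443]\n"


def explicit_tags(text):
    """Return every explicit tag in the document, resolved to its full form.

    yaml.parse() yields parser events only; no Python objects are constructed,
    so examining a hostile document this way executes nothing. %TAG handles
    and verbatim !<...> tags arrive already expanded. Malformed YAML raises
    yaml.YAMLError, which callers should treat as a reject.
    """
    tags = []
    for event in yaml.parse(text, Loader=yaml.SafeLoader):
        tag = getattr(event, "tag", None)
        if tag is not None:
            tags.append(tag)
    return tags


def guarded_load(text, loader):
    """Call loader(text) only when every explicit tag is a core data tag.

    `loader` is whatever would have parsed the text (hypothetically
    ymlref.api.load); it is a parameter so the guard runs without ymlref.
    """
    rejected = [t for t in explicit_tags(text) if t not in CORE_TAGS]
    if rejected:
        raise ValueError("non-core YAML tags rejected: %r" % rejected)
    return loader(text)


if __name__ == "__main__":
    print(guarded_load(BENIGN, yaml.safe_load))
    try:
        guarded_load(POC, yaml.safe_load)
    except ValueError as exc:
        print(exc)
```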

Vulnerable versions: [0,)