CVE-2019-10135
7.2
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A flaw was found in the yaml.load() function in the osbs-client versions since 0.46 before 0.56.1. Insecure use of the yaml.load() function allowed the user to load any suspicious object for code execution via the parsing of malicious YAML files.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | osbs-client | since 0.46 before 0.56.1 | affected |
Weaknesses
- CWE-502: CWE-502
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10135
- https://github.com/containerbuildsystem/osbs-client/pull/865
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10135
- https://github.com/containerbuildsystem/osbs-client/pull/865
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.