mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-09 19:17:37 +02:00
CVE-2020-13388
Description
An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safe_load is not used.
POC
Reference
- https://joel-malwarebenchmark.github.io
- https://joel-malwarebenchmark.github.io/blog/2020/04/27/cve-2020-13388-jw-util-vulnerability/
Github
No PoCs found on GitHub currently.