Vulnerability CVE-2019-10135


Published: 2019-07-11

Description:
A flaw was found in the use of the yaml.load() function in osbs-client versions since 0.46 and before 0.56.1. Insecure use of the yaml.load() function allowed the user to load any suspicious object for code execution via the parsing of malicious YAML files.

Type:
CWE-20 (Improper Input Validation)

CVSS2 vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score: 6.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8/10

Exploit range: Remote
Attack complexity: Low
Authentication: Single time

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software:
Osbs-client project -> Osbs-client

References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10135
https://github.com/containerbuildsystem/osbs-client/pull/865

Copyright 2024, cxsecurity.com

 
