CVE-2017-16764

illagrenan/django-make-app

on github

Published

November 10, 2017

Severity

CVSS v3:

9.8 CRITICAL

CVSS v2:

7.5 HIGH

Description

An exploitable vulnerability exists in the YAML parsing functionality in the read_yaml_file method in io_utils.py in django_make_app 0.1.3. A YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability.

References

https://github.com/illagrenan/django-make-app/issues/5
https://joel-malwarebenchmark.github.io/blog/2017/11/12/cve-2017-16764-vulnerability-in-django-make-app/

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:django_make_app_project:django_make_app:0.1.3:::::::*	n/a	n/a	0.1.3

External Links

NVD - CVE-2017-16764