EIQ-2018-0010
ID |
EIQ-2018-0009 |
CVE |
|
Description |
Arbitrary Python code execution through the yaml.load function |
Date |
07 Jan 2019 |
Severity |
0 - NONE |
CVSSv3 score |
9.8 |
Status |
All versions |
Assessment |
EclecticIQ Platform uses the pyyaml library, which facilitates the execution of arbitrary Python code through the yaml.load function. |
Mitigation |
EclecticIQ Platform was never affected. |
Affected versions |
None |
Notes |
EclecticIQ Platform always uses yaml.safe_load, which does not allow executing arbitrary Python code. |