Arbitrary Code Execution Affecting confidence package, versions [,0.4)
Snyk CVSS: Attack Complexity Low
- Snyk ID SNYK-PYTHON-CONFIDENCE-42173
- published 2 Aug 2018
- disclosed 1 Aug 2018
- credit Unknown
How to fix?
Upgrade confidence to version 0.4 or higher.
Overview
confidence makes it easy to load one or more sources of configuration values and exposes them as a simple-to-use Python object.
Affected versions of this package are vulnerable to Arbitrary Code Execution via the insecure YAML.load() function.