An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A Load YAML string or file (aka load_yaml or load_yamlf) can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Owlmixin | Owlmixin_project | * | 2.0.0 (excluding) |
| Owlmixin | Owlmixin_project | 2.0.0-alpha1 (including) | 2.0.0-alpha1 (including) |
| Owlmixin | Owlmixin_project | 2.0.0-alpha10 (including) | 2.0.0-alpha10 (including) |
| Owlmixin | Owlmixin_project | 2.0.0-alpha11 (including) | 2.0.0-alpha11 (including) |
| Owlmixin | Owlmixin_project | 2.0.0-alpha2 (including) | 2.0.0-alpha2 (including) |
| Owlmixin | Owlmixin_project | 2.0.0-alpha3 (including) | 2.0.0-alpha3 (including) |
| Owlmixin | Owlmixin_project | 2.0.0-alpha4 (including) | 2.0.0-alpha4 (including) |
| Owlmixin | Owlmixin_project | 2.0.0-alpha5 (including) | 2.0.0-alpha5 (including) |
| Owlmixin | Owlmixin_project | 2.0.0-alpha6 (including) | 2.0.0-alpha6 (including) |
| Owlmixin | Owlmixin_project | 2.0.0-alpha7 (including) | 2.0.0-alpha7 (including) |
| Owlmixin | Owlmixin_project | 2.0.0-alpha8 (including) | 2.0.0-alpha8 (including) |
| Owlmixin | Owlmixin_project | 2.0.0-alpha9 (including) | 2.0.0-alpha9 (including) |