Approved changes feed: RSS · Atom
cpe:2.3:a:python:jw.util:*:*:*:*:*:python:*:*
part: a version: * update: *
| Vendor | Python (b57ad93a-6195-5192-9423-6cfad6044a8b) |
|---|---|
| Product | Jw.Util (603f9422-fc6b-5945-b913-280fde3869f5) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | python |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2020-13388 |
vulnerable | 2026-06-03 14:41:36.597584 |
Details available
An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safe_load is not used.
Published: 2020-05-22T16:07:19.000Z
Updated: 2024-08-04T12:18:17.810Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.