CVE-2020-13388
https://notcve.org/view.php?id=CVE-2020-13388
An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safe_load is not used.

• https://joel-malwarebenchmark.github.io
• https://joel-malwarebenchmark.github.io/blog/2020/04/27/cve-2020-13388-jw-util-vulnerability
• https://security.netapp.com/advisory/ntap-20200528-0002

• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
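
A static check for the root cause named above (YAML loaded without safe_load), as an added example that is not jw.util's code and not part of the original advisory. It walks Python source with the standard ast module and reports PyYAML load calls that do not pass a safe loader; the sample module and its function names are constructed for illustration and assume PyYAML is imported as yaml.

```python
import ast

# PyYAML calls that can build arbitrary Python objects without a safe loader.
RISKY_CALLS = {"load", "load_all", "unsafe_load", "unsafe_load_all"}
SAFE_LOADERS = {"SafeLoader", "CSafeLoader"}


def find_unsafe_yaml_loads(source, module_alias="yaml"):
    """Return sorted (line, call) pairs for yaml loads lacking a safe Loader."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        func = getattr(node, "func", None)
        if not (isinstance(node, ast.Call)
                and isinstance(func, ast.Attribute)
                and isinstance(func.value, ast.Name)
                and func.value.id == module_alias
                and func.attr in RISKY_CALLS):
            continue
        # The loader is given as Loader=... or as the second positional argument.
        loader = next((kw.value for kw in node.keywords if kw.arg == "Loader"), None)
        if loader is None and len(node.args) > 1:
            loader = node.args[1]
        # Accept both yaml.SafeLoader (Attribute) and a bare SafeLoader (Name).
        loader_name = getattr(loader, "attr", getattr(loader, "id", None))
        if func.attr.startswith("unsafe") or loader_name not in SAFE_LOADERS:
            findings.append((node.lineno, f"{module_alias}.{func.attr}"))
    return sorted(findings)


# Constructed sample: hypothetical config helpers, not jw.util's real source.
SAMPLE = '''\
import yaml

def from_string(text):
    return yaml.load(text)

def from_stream(stream):
    return yaml.load(stream, Loader=yaml.Loader)

def from_string_fixed(text):
    return yaml.safe_load(text)

def from_stream_fixed(stream):
    return yaml.load(stream, Loader=yaml.SafeLoader)
'''

if __name__ == "__main__":
    for line, call in find_unsafe_yaml_loads(SAMPLE):
        print(f"line {line}: {call} called without a safe loader")
```

The check matches only the `module.attr(...)` call form for the given alias, so names imported with `from yaml import load` need a separate pass.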