CVE-2021-23338 pyqlib

Package

Manager: pip
Name: pyqlib
Vulnerable Version: >=0 <0.7.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.05104 (percentile 0.8943)

Details

qlib Deserialization of Untrusted Data vulnerability. This affects all versions of the package qlib. The workflow function in the CLI part of qlib used an unsafe YAML load function.

Metadata

Created: 2022-05-24T17:42:16Z
Modified: 2024-10-14T16:09:46Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hjr4-fhgp-23g9/GHSA-hjr4-fhgp-23g9.json
CWE IDs: ["CWE-502", "CWE-94"]
Alternative ID: GHSA-hjr4-fhgp-23g9
Finding: F096
Auto approve: 1