VYPR
Critical severity9.8NVD Advisory· Published Nov 8, 2017· Updated Jun 17, 2026

CVE-2017-16615

CVE-2017-16615

Description

An exploitable vulnerability exists in the YAML parsing functionality in the parse_yaml_query method in parser.py in MLAlchemy before 0.2.2. When processing YAML-Based queries for data, a YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
MLAlchemyPyPI
< 0.2.20.2.2

Affected products

6
  • cpe:2.3:a:mlalchemy_project:mlalchemy:0.1.1:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:mlalchemy_project:mlalchemy:0.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mlalchemy_project:mlalchemy:0.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mlalchemy_project:mlalchemy:0.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mlalchemy_project:mlalchemy:0.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mlalchemy_project:mlalchemy:0.2.1:*:*:*:*:*:*:*
  • ghsa-coords
    Range: < 0.2.2

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.