Critical severity 9.8 · NVD Advisory · Published Nov 8, 2017 · Updated Jun 17, 2026

CVE-2017-16618

Description

An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A "Load YAML" string or file (aka load_yaml or load_yamlf) can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability.
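An audit check for the pattern this description names, as an added example that is not OwlMixin's code or part of the advisory: it walks Python source with the standard-library `ast` module and reports every `yaml.load` / `yaml.load_all` call that does not pass an explicitly safe PyYAML loader. The `SAMPLE` source is constructed for illustration; it reuses the `load_yaml` and `load_yamlf` names from the description, but the function bodies are assumptions.

```python
import ast

# PyYAML loader classes that never construct arbitrary Python objects.
SAFE_LOADERS = {"SafeLoader", "CSafeLoader", "BaseLoader", "CBaseLoader"}

# Constructed sample (not OwlMixin's source): two unsafe loaders, two safe ones.
SAMPLE = '''\
import yaml
def load_yaml(text):
    return yaml.load(text)
def load_yamlf(path):
    with open(path) as f:
        return yaml.load(f, Loader=yaml.Loader)
def load_yaml_fixed(text):
    return yaml.safe_load(text)
def load_yaml_explicit(text):
    return yaml.load(text, Loader=yaml.SafeLoader)
'''

def _name(node):
    """Last identifier of a Name/Attribute node, e.g. yaml.Loader -> 'Loader'."""
    return getattr(node, "attr", None) or getattr(node, "id", None)

def find_unsafe_yaml_loads(source):
    """Return [(lineno, loader_or_None)] for load/load_all calls lacking a safe Loader."""
    tree = ast.parse(source)
    modules, funcs = set(), set()  # local names bound to yaml / to yaml.load
    for n in ast.walk(tree):
        if isinstance(n, ast.Import):
            modules |= {a.asname or a.name for a in n.names if a.name == "yaml"}
        elif isinstance(n, ast.ImportFrom) and n.module == "yaml":
            funcs |= {a.asname or a.name for a in n.names
                      if a.name in ("load", "load_all")}
    findings = []
    for n in ast.walk(tree):
        if not isinstance(n, ast.Call):
            continue
        f = n.func
        via_module = (isinstance(f, ast.Attribute) and f.attr in ("load", "load_all")
                      and isinstance(f.value, ast.Name) and f.value.id in modules)
        via_import = isinstance(f, ast.Name) and f.id in funcs
        if not (via_module or via_import):
            continue
        # Loader may be passed by keyword or as the second positional argument.
        loader = next((k.value for k in n.keywords if k.arg == "Loader"),
                      n.args[1] if len(n.args) > 1 else None)
        if _name(loader) not in SAFE_LOADERS:
            findings.append((n.lineno, _name(loader)))
    return sorted(findings, key=lambda item: item[0])
```

Calling `find_unsafe_yaml_loads(SAMPLE)` flags the calls in `load_yaml` and `load_yamlf` and leaves the `safe_load` and `SafeLoader` variants alone; a loader passed through a variable or function call is reported with `None` and needs manual review.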

Affected packages

Versions sourced from the GitHub Security Advisory.

Package            Affected versions    Patched versions
owlmixin (PyPI)    < 2.0.0              2.0.0

Affected products

13
  • cpe:2.3:a:owlmixin_project:owlmixin:*:*:*:*:*:*:*:* (+ 11 more)
    • cpe:2.3:a:owlmixin_project:owlmixin:*:*:*:*:*:*:*:* (range: <2.0.0)
    • cpe:2.3:a:owlmixin_project:owlmixin:2.0.0:alpha1:*:*:*:*:*:*
    • cpe:2.3:a:owlmixin_project:owlmixin:2.0.0:alpha10:*:*:*:*:*:*
    • cpe:2.3:a:owlmixin_project:owlmixin:2.0.0:alpha11:*:*:*:*:*:*
    • cpe:2.3:a:owlmixin_project:owlmixin:2.0.0:alpha2:*:*:*:*:*:*
    • cpe:2.3:a:owlmixin_project:owlmixin:2.0.0:alpha3:*:*:*:*:*:*
    • cpe:2.3:a:owlmixin_project:owlmixin:2.0.0:alpha4:*:*:*:*:*:*
    • cpe:2.3:a:owlmixin_project:owlmixin:2.0.0:alpha5:*:*:*:*:*:*
    • cpe:2.3:a:owlmixin_project:owlmixin:2.0.0:alpha6:*:*:*:*:*:*
    • cpe:2.3:a:owlmixin_project:owlmixin:2.0.0:alpha7:*:*:*:*:*:*
    • cpe:2.3:a:owlmixin_project:owlmixin:2.0.0:alpha8:*:*:*:*:*:*
    • cpe:2.3:a:owlmixin_project:owlmixin:2.0.0:alpha9:*:*:*:*:*:*
  • ghsa-coords
    Range: < 2.0.0
