Unrated severityNVD Advisory· Published Jul 11, 2019· Updated Aug 4, 2024

CVE-2019-10135

Description

A flaw was found in the yaml.load() function in the osbs-client versions since 0.46 before 0.56.1. Insecure use of the yaml.load() function allowed the user to load any suspicious object for code execution via the parsing of malicious YAML files.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Red Hat/osbs-clientllm-create2 versions
>=0.46 <0.56.1+ 1 more
- (no CPE)range: >=0.46 <0.56.1
- (no CPE)range: since 0.46 before 0.56.1

Patches

Vulnerability mechanics

References

bugzilla.redhat.com/show_bug.cgimitre
github.com/containerbuildsystem/osbs-client/pull/865mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000