Critical severityNVD Advisory· Published Nov 2, 2023· Updated Sep 6, 2024
CVE-2023-47204
CVE-2023-47204
Description
Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
transmute-corePyPI | < 1.13.5 | 1.13.5 |
Affected products
2- transmute-core/transmute-coredescription
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-w9cp-3x79-2p8pghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-47204ghsaADVISORY
- github.com/pypa/advisory-database/tree/main/vulns/transmute-core/PYSEC-2023-223.yamlghsaWEB
- github.com/toumorokoshi/transmute-core/commit/29bf82eb8ed9926d31eec90aec482ecc0dcb23f0ghsaWEB
- github.com/toumorokoshi/transmute-core/pull/58ghsaWEB
- github.com/toumorokoshi/transmute-core/releases/tag/v1.13.5ghsaWEB
News mentions
0No linked articles in our index yet.