VYPR

PyPI package

confire

pkg:pypi/confire

Vulnerabilities (1)

  • CVE-2017-16763CriNov 10, 2017
    affected <= 0.2.0

    An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "~/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command e