Related vulnerabilities

PYSEC-2021-86

Vulnerability from pysec - Published: 2021-02-15 16:15 - Updated: 2021-06-09 05:01
Details

This affects all versions of package qlib. The workflow function in the CLI part of qlib was using an unsafe YAML load function.

Impacted products
Name purl
pyqlib pkg:pypi/pyqlib

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "pyqlib",
        "purl": "pkg:pypi/pyqlib"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.6.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.5.0.dev10",
        "0.5.0.dev7",
        "0.5.0.dev8",
        "0.5.0.dev9",
        "0.5.1",
        "0.5.1.dev0",
        "0.6.0",
        "0.6.1",
        "0.6.2"
      ]
    }
  ],
  "aliases": [
    "CVE-2021-23338",
    "SNYK-PYTHON-QLIB-1054635"
  ],
  "details": "This affects all versions of package qlib. The workflow function in cli part of qlib was using an unsafe YAML load function.",
  "id": "PYSEC-2021-86",
  "modified": "2021-06-09T05:01:32.318077Z",
  "published": "2021-02-15T16:15:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/418sec/huntr/pull/1329"
    },
    {
      "type": "ADVISORY",
      "url": "https://snyk.io/vuln/SNYK-PYTHON-QLIB-1054635"
    }
  ]
}