CVE-2020-13388P2CRITICALCVSS 9.8fixed in 2.32020-05-22
CVE-2020-13388 [CRITICAL] CWE-78 CVE-2020-13388: An exploitable vulnerability exists in the configuration-loading functionality of the jw.util packag
An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safe_load is not used.
ghsanvd