2 vulnerabilities found for qlib by microsoft
CVE-2021-23338 (GCVE-0-2021-23338)
Vulnerability from cvelistv5 – Published: 2021-02-15 15:50 – Updated: 2024-09-16 17:49
Title
Deserialization of Untrusted Data
Summary
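This affects all versions of package qlib. The workflow function in the CLI part of qlib was using an unsafe YAML load function. An unsafe YAML loader can construct arbitrary objects from tags in its input, so a workflow configuration file that comes from an untrusted source should be treated as able to run code when it is loaded. The record names no fixed version ("lessThan": "unspecified"), so check the upstream project to confirm that the release in use parses workflow files with a safe loader (for PyYAML, `yaml.safe_load`).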
Severity
CWE
- Deserialization of Untrusted Data
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://snyk.io/vuln/SNYK-PYTHON-QLIB-1054635 | x_refsource_MISC |
| https://github.com/418sec/huntr/pull/1329 | x_refsource_MISC |
Date Public
2021-02-15 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:55.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-PYTHON-QLIB-1054635"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/418sec/huntr/pull/1329"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "qlib",
"vendor": "n/a",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ajmal Aboobacker"
}
],
"datePublic": "2021-02-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "This affects all versions of package qlib. The workflow function in cli part of qlib was using an unsafe YAML load function."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"remediationLevel": "UNAVAILABLE",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Deserialization of Untrusted Data",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-15T15:50:15.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-PYTHON-QLIB-1054635"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/418sec/huntr/pull/1329"
}
],
"title": "Deserialization of Untrusted Data",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2021-02-15T15:49:58.504852Z",
"ID": "CVE-2021-23338",
"STATE": "PUBLIC",
"TITLE": "Deserialization of Untrusted Data"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "qlib",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Ajmal Aboobacker"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This affects all versions of package qlib. The workflow function in cli part of qlib was using an unsafe YAML load function."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-PYTHON-QLIB-1054635",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-PYTHON-QLIB-1054635"
},
{
"name": "https://github.com/418sec/huntr/pull/1329",
"refsource": "MISC",
"url": "https://github.com/418sec/huntr/pull/1329"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2021-23338",
"datePublished": "2021-02-15T15:50:15.795Z",
"dateReserved": "2021-01-08T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:49:26.778Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23338 (GCVE-0-2021-23338)
Vulnerability from nvd – Published: 2021-02-15 15:50 – Updated: 2024-09-16 17:49
Title
Deserialization of Untrusted Data
Summary
This affects all versions of package qlib. The workflow function in the CLI part of qlib was using an unsafe YAML load function.
Severity
CWE
- Deserialization of Untrusted Data
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://snyk.io/vuln/SNYK-PYTHON-QLIB-1054635 | x_refsource_MISC |
| https://github.com/418sec/huntr/pull/1329 | x_refsource_MISC |
Date Public
2021-02-15 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:55.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-PYTHON-QLIB-1054635"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/418sec/huntr/pull/1329"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "qlib",
"vendor": "n/a",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ajmal Aboobacker"
}
],
"datePublic": "2021-02-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "This affects all versions of package qlib. The workflow function in cli part of qlib was using an unsafe YAML load function."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"remediationLevel": "UNAVAILABLE",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Deserialization of Untrusted Data",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-15T15:50:15.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-PYTHON-QLIB-1054635"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/418sec/huntr/pull/1329"
}
],
"title": "Deserialization of Untrusted Data",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2021-02-15T15:49:58.504852Z",
"ID": "CVE-2021-23338",
"STATE": "PUBLIC",
"TITLE": "Deserialization of Untrusted Data"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "qlib",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Ajmal Aboobacker"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This affects all versions of package qlib. The workflow function in cli part of qlib was using an unsafe YAML load function."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-PYTHON-QLIB-1054635",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-PYTHON-QLIB-1054635"
},
{
"name": "https://github.com/418sec/huntr/pull/1329",
"refsource": "MISC",
"url": "https://github.com/418sec/huntr/pull/1329"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2021-23338",
"datePublished": "2021-02-15T15:50:15.795Z",
"dateReserved": "2021-01-08T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:49:26.778Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}