← back
CVE-2019-10135

CVE-2019-10135

CVSS 7.2 HIGHEPSS 1.9%CWE-502
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.2EPSS 1.9%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
11 Jul 2019Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A flaw was found in the yaml.load() function in the osbs-client versions since 0.46 before 0.56.1. Insecure use of the yaml.load() function allowed the user to load any suspicious object for code execution via the parsing of malicious YAML files.
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
Red Hat · osbs-client

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10135https://github.com/containerbuildsystem/osbs-client/pull/865