PYSEC-2023-223
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/transmute-core/PYSEC-2023-223.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/PYSEC-2023-223
- Aliases
- Published
- 2023-11-02T06:15:00Z
- Modified
- 2023-11-08T04:13:43.890139Z
- Summary
- [none]
- Details
-
Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code.
- References
Affected packages
PyPI / transmute-core
Package
- Name
- transmute-core
- View open source insights on deps.dev
- Purl
- pkg:pypi/transmute-core
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.13.5
Affected versions
Other
0
0.*
0.1.0b0
0.1.0
0.1.1
0.1.3
0.1.4b0
0.1.4
0.1.5
0.1.6
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.2.6
0.2.7
0.2.8
0.2.9
0.2.10
0.2.11
0.2.12
0.3.0
0.3.1
0.4.0
0.4.1
0.4.2
0.4.3
0.4.4
0.4.5
0.4.6
0.4.7
0.4.8
0.4.9
0.4.10
0.4.11
0.4.12
0.5.0
0.6.0
1.*
1.0.0
1.0.1
1.1.0
1.1.1
1.2.0
1.3.0
1.3.1
1.3.2
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.5.0
1.6.0
1.7.0
1.7.1
1.8.0
1.8.1
1.9.0
1.9.1
1.9.2
1.9.3
1.9.4
1.10.1
1.11.0
1.12.0
1.13.0
1.13.1
1.13.2
1.13.3
1.13.4a0
1.13.4