erigones / esdc-ce

Danube Cloud :: Community Edition
https://danubecloud.org
Apache License 2.0

[FIX] Security - using SafeLoader #560

Closed. b1nslashsh closed this 2 years ago

b1nslashsh commented 3 years ago

Using `safe_load` instead of `yaml.load` to avoid security risks.

Here is an example proof of concept for arbitrary code execution using `yaml.load()`:

[image: poc]

Hacktoberfest
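The behaviour this PR guards against, as an added example that is not part of the pull request or of the esdc-ce code base: a YAML document carrying a Python-specific tag is executed as a constructor call when parsed with `yaml.load` and an unsafe loader, while `yaml.safe_load` refuses it and only ever builds plain YAML types. The sample documents are constructed for the demonstration (the tag deliberately calls the harmless `builtins.sum`), and PyYAML is assumed to be installed.

```python
"""Contrast yaml.load with an unsafe loader against yaml.safe_load.

Added example; not code from the esdc-ce project. Assumes PyYAML is installed.
"""
import yaml

# Constructed sample document. The !!python/object/apply tag asks the loader to
# call builtins.sum([1, 2, 3]) while the document is being parsed. The callable
# here is harmless; the mechanism is what makes yaml.load dangerous on untrusted
# input, because the callable name is chosen by whoever wrote the YAML.
TAGGED_DOC = "total: !!python/object/apply:builtins.sum [[1, 2, 3]]\n"

# Constructed plain data with no tags; both loaders accept it identically.
PLAIN_DOC = "name: esdc\nversion: 4\nfeatures: [vm, backup]\n"


def load_unsafe(text):
    """Parse with yaml.load and UnsafeLoader: Python tags are executed."""
    return yaml.load(text, Loader=yaml.UnsafeLoader)


def load_safe(text):
    """Parse with yaml.safe_load: only standard YAML types are constructed."""
    return yaml.safe_load(text)


def safe_load_rejects(text):
    """Return True when safe_load refuses the document because of its tag."""
    try:
        yaml.safe_load(text)
    except yaml.constructor.ConstructorError:
        # SafeConstructor has no constructor registered for python/* tags,
        # so the document is rejected instead of executing anything.
        return True
    return False


if __name__ == "__main__":
    print("plain document, safe_load:", load_safe(PLAIN_DOC))
    print("tagged document, unsafe load:", load_unsafe(TAGGED_DOC))
    print("tagged document rejected by safe_load:", safe_load_rejects(TAGGED_DOC))
```

For configuration files that must support custom types, the defensible route is a `SafeLoader` subclass with explicit `add_constructor` registrations for exactly those tags, not falling back to `yaml.load` with `FullLoader` or `UnsafeLoader`.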

b1nslashsh commented 2 years ago

Hey @YanChii,

Can we look at this please?

Thanks

YanChii commented 2 years ago

Thanks