Vulnerability: Arbitrary Code Injection Or Denial Of Service (DoS) Through Unsafe Middleware
Severity: High
Project: petems/tugboat
Branch: master
Scan Date: Jul 3, 2017 12:01:10
Issue Description
faraday_middleware is vulnerable to arbitrary code injection or denial-of-service attacks. The attack is possible when the middleware uses YAML.load() by default to load resources from untrusted sources or over HTTP. YAML.load() is not safe against DoS and arbitrary code injection if it uses a Psych version that supports it.