{"id":"CVE-2021-27213","details":"config.py in pystemon before 2021-02-13 allows code execution via YAML deserialization because SafeLoader and safe_load are not used.","modified":"2026-07-08T06:01:09.055272630Z","published":"2021-02-14T04:15:12.837Z","database_specific":{"unresolved_ranges":[{"source":"CPE_RANGE","vendor_product":"pystemon_project:pystemon","cpes":["cpe:2.3:a:pystemon_project:pystemon:*:*:*:*:*:*:*:*"],"extracted_events":[{"fixed":"2021-02-13"}]},{"extracted_events":[{"fixed":"2021-02-13"}],"source":"DESCRIPTION"}]},"references":[{"type":"FIX","url":"https://github.com/cvandeplas/pystemon/commit/dbeb87afefdb63de2f4cff69b6f10c5965d14b54"},{"type":"EVIDENCE","url":"https://www.huntr.dev/bounties/1-other-pystemon/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cvandeplas/pystemon","events":[{"introduced":"0"},{"fixed":"dbeb87afefdb63de2f4cff69b6f10c5965d14b54"}],"database_specific":{"source":"REFERENCES"}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-27213.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}