{"id":"PYSEC-2019-21","details":"An issue was discovered in Donfig 0.3.0. The collect_yaml method in config_obj.py is vulnerable: it can execute arbitrary Python commands, resulting in command execution.","aliases":["CVE-2019-7537","GHSA-3qr5-h7w4-3gx3"],"modified":"2026-06-10T17:01:11.970039412Z","published":"2019-03-21T20:29:00Z","references":[{"type":"REPORT","url":"https://github.com/pytroll/donfig/issues/5"},{"type":"WEB","url":"https://github.com/pytroll/donfig/commits/master"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-3qr5-h7w4-3gx3"}],"affected":[{"package":{"name":"donfig","ecosystem":"PyPI","purl":"pkg:pypi/donfig"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.4.0"}]}],"versions":["0.1.0","0.1.1","0.1.2","0.2.0","0.3.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/donfig/PYSEC-2019-21.yaml"}}],"schema_version":"1.7.5"}