{"id":"PYSEC-2021-86","details":"This affects all versions of package qlib. The workflow function in the CLI part of qlib used an unsafe YAML load function. An unsafe YAML loader can construct arbitrary Python objects while parsing, so a workflow configuration file from an untrusted source could lead to code execution. The affected range in this record marks 0.6.3 of the PyPI package pyqlib as the fixed version.","aliases":["CVE-2021-23338","GHSA-hjr4-fhgp-23g9","SNYK-PYTHON-QLIB-1054635"],"modified":"2024-04-29T11:41:20.084768Z","published":"2021-02-15T16:15:00Z","references":[{"type":"WEB","url":"https://github.com/418sec/huntr/pull/1329"},{"type":"ADVISORY","url":"https://snyk.io/vuln/SNYK-PYTHON-QLIB-1054635"}],"affected":[{"package":{"name":"pyqlib","ecosystem":"PyPI","purl":"pkg:pypi/pyqlib"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.6.3"}]}],"versions":["0.5.0.dev10","0.5.0.dev7","0.5.0.dev8","0.5.0.dev9","0.5.1","0.5.1.dev0","0.6.0","0.6.1","0.6.2"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/pyqlib/PYSEC-2021-86.yaml"}}],"schema_version":"1.7.3"}