Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2020-13388

An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safe_load is not used.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.016
EPSS Ranking 80.4%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Products affected by CVE-2020-13388
  • Python » Jw.util » Version: 1.0
    cpe:2.3:a:python:jw.util:1.0
  • Python » Jw.util » Version: 1.3.4
    cpe:2.3:a:python:jw.util:1.3.4
  • Python » Jw.util » Version: 1.3.5
    cpe:2.3:a:python:jw.util:1.3.5
  • Python » Jw.util » Version: 1.3.6
    cpe:2.3:a:python:jw.util:1.3.6
  • Python » Jw.util » Version: 1.3.7
    cpe:2.3:a:python:jw.util:1.3.7
  • Python » Jw.util » Version: 1.4
    cpe:2.3:a:python:jw.util:1.4
  • Python » Jw.util » Version: 1.4.1
    cpe:2.3:a:python:jw.util:1.4.1
  • Python » Jw.util » Version: 1.4.2
    cpe:2.3:a:python:jw.util:1.4.2
  • Python » Jw.util » Version: 1.5
    cpe:2.3:a:python:jw.util:1.5
  • Python » Jw.util » Version: 1.5.1
    cpe:2.3:a:python:jw.util:1.5.1
  • Python » Jw.util » Version: 1.5.2
    cpe:2.3:a:python:jw.util:1.5.2
  • Python » Jw.util » Version: 1.5.3
    cpe:2.3:a:python:jw.util:1.5.3
  • Python » Jw.util » Version: 1.5.4
    cpe:2.3:a:python:jw.util:1.5.4
  • Python » Jw.util » Version: 1.5.5
    cpe:2.3:a:python:jw.util:1.5.5
  • Python » Jw.util » Version: 1.6
    cpe:2.3:a:python:jw.util:1.6
  • Python » Jw.util » Version: 1.7
    cpe:2.3:a:python:jw.util:1.7
  • Python » Jw.util » Version: 1.8
    cpe:2.3:a:python:jw.util:1.8
  • Python » Jw.util » Version: 1.9
    cpe:2.3:a:python:jw.util:1.9
  • Python » Jw.util » Version: 1.9.1
    cpe:2.3:a:python:jw.util:1.9.1
  • Python » Jw.util » Version: 1.9.2
    cpe:2.3:a:python:jw.util:1.9.2
  • Python » Jw.util » Version: 2.0
    cpe:2.3:a:python:jw.util:2.0
  • Python » Jw.util » Version: 2.0.1
    cpe:2.3:a:python:jw.util:2.0.1
  • Python » Jw.util » Version: 2.1
    cpe:2.3:a:python:jw.util:2.1
  • Python » Jw.util » Version: 2.2
    cpe:2.3:a:python:jw.util:2.2


Products
Pricing
Contact Us

Shodan ® - All rights reserved