confire is vulnerable to remote code execution attacks. The attacks can happen because the config.py
file allows users to parse their configuration from the /.confire.yaml
through the yaml.load()
function of the YAML parser, allowing attackers to inject and execute arbitrary python commands.
github.com/bbengfort/confire/blob/1af143389a3d98e5915767a79d24d4e08dd4f454/confire/config.py#L113
github.com/bbengfort/confire/commit/54bd70c49a5a051f42a60f47ff7dbff5843e60f4
github.com/bbengfort/confire/commit/8cc86a5ec2327e070f1d576d61bbaadf861597ea
github.com/bbengfort/confire/issues/24
joel-malwarebenchmark.github.io/blog/2017/11/12/cve-2017-16763-configure-loaded-through-confire/