CVE-2019-10135 HIGH

CVE-2019-10135

Vendor Red Hat

Product osbs-client

Weakness CWE-502 · Unsafe deserialization

Published July 11, 2019

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

7.2/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A flaw was found in the yaml.load() function in the osbs-client versions since 0.46 before 0.56.1. Insecure use of the yaml.load() function allowed the user to load any suspicious object for code execution via the parsing of malicious YAML files.

Key dates

02Disclosure timeline

July 11, 2019 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-10135 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/502.html

Related vulnerabilities

04Related CVE

CVE-2025-1403 Qiskit SDK denial of service CVE-2022-37023 Apache Geode deserialization of untrusted data flaw when using REST API on Java 8 or Java 11 CVE-2025-34491 GFI MailEssentials < 21.8 MultiNode Insecure Deserialization CVE-2024-43242 WordPress Indeed Ultimate Membership Pro plugin <= 12.7 - Unauthenticated PHP Object Injection vulnerability CVE-2024-23636 SOFARPC Remote Command Execution(RCE) Vulnerbility