{"id":"PYSEC-2019-122","details":"Sqla_yaml_fixtures 0.9.1 allows local users to execute arbitrary python code via the fixture_text argument in sqla_yaml_fixtures.load.","aliases":["CVE-2019-3575","GHSA-2x54-j4m3-r6wx"],"modified":"2023-11-01T04:50:56.364606Z","published":"2019-01-03T19:29:00Z","references":[{"type":"REPORT","url":"https://github.com/schettino72/sqla_yaml_fixtures/issues/20"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-2x54-j4m3-r6wx"}],"affected":[{"package":{"name":"sqla-yaml-fixtures","ecosystem":"PyPI","purl":"pkg:pypi/sqla-yaml-fixtures"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.0"}]}],"versions":["0.1.0","0.1.1","0.1.2","0.2.0","0.3.0","0.4.0","0.5.0","0.6.0","0.7.0","0.8.0","0.9.0","0.9.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/sqla-yaml-fixtures/PYSEC-2019-122.yaml"}}],"schema_version":"1.7.3"}