j0lt - Security research

June 29, 2020

[CVE-2019-20478]- 0Day Deserialization Attack on ruamel.yaml

After I found PyYAML versions to be vulnerable, I started looking for other modules which are getting used as YAML parser in Python. I got to know about ruamel.yaml from yaml.org which could be vulnerable…

June 21, 2020

[CVE-2019-20477]- 0Day YAML Deserialization Attack on PyYAML version <= 5.1.2

Overview of YAML According to the definition in Wikipedia, YAML (Yet Another Markup Language) is a human-readable data serialization language, it is commonly used for configuration files and in applications where data is being stored…