CVE-2021-23338: qlib Deserialization of Untrusted Data vulnerability
(updated )
This affects all versions of package qlib. The workflow function in cli part of qlib was using an unsafe YAML load function.
References
Detect and mitigate CVE-2021-23338 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →