Improper Control of Generation of Code ('Code Injection')
Sqla_yaml_fixtures allows local users to execute arbitrary python code via the fixture_text argument in sqla_yaml_fixtures.load.
Advisories for Pypi/Sqla-Yaml-Fixtures package
2019
Sqla_yaml_fixtures allows local users to execute arbitrary python code via the fixture_text argument in sqla_yaml_fixtures.load.