OISF suricata-update unsafely deserializes YAML data
Suricata-Update uses the insecure yaml.load() function. Code will be executed if the yaml-file contains lines like: hello: !!python/object/apply:os.system ['ls -l > /tmp/output'] The vulnerable function can be triggered by "suricata-update list-sources". The locally stored index.yaml will be loaded in this function and the malicious code gets executed.