VYPR

PyPI package

pyyaml

pkg:pypi/pyyaml

Vulnerabilities (4)

  • CVE-2020-14343 (Feb 9, 2021)
    affected < 5.4; fixed 5.4

    A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrust

  • CVE-2020-1747 (Mar 24, 2020)
    affected >= 5.1b7, < 5.3.1; fixed 5.3.1

    A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untru

  • CVE-2019-20477 (Feb 19, 2020)
    affected >= 5.1, < 5.2; fixed 5.2

    PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342.

  • CVE-2017-18342 [Cri] (Jun 27, 2018)
    affected < 4.1; fixed 4.1

    In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function.