rpm package
opensuse/python-PyYAML&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/python-PyYAML&distro=openSUSE%20Tumbleweed
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-14343 | — | | | < 5.4.1-1.6 | 5.4.1-1.6 | Feb 9, 2021 | A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrust |
| CVE-2017-18342 | Cri | 9.8 | | < 5.4.1-1.6 | 5.4.1-1.6 | Jun 27, 2018 | In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function. |