VYPR

rpm package

opensuse/python-PyYAML&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/python-PyYAML&distro=openSUSE%20Tumbleweed

Vulnerabilities (2)

  • CVE-2020-14343 | Feb 9, 2021
    affected < 5.4.1-1.6 | fixed 5.4.1-1.6

    A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrust

  • CVE-2017-18342 | Cri | Jun 27, 2018
    affected < 5.4.1-1.6 | fixed 5.4.1-1.6

    In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function.