CVE-2011-4104

Published: Oct 27, 2014

Modified: Aug 7, 2024

PUBLISHED

Description

The from_yaml method in serializers.py in Django Tastypie before 0.9.10 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://groups.google.com/forum/#%21topic/django-tastypie/i2aNGDHTUBI

x_refsource_CONFIRM

[oss-security] 20111102 Re: Re: CVE request for Django-piston and Tastypie

mailing-list

x_refsource_MLIST

https://www.djangoproject.com/weblog/2011/nov/01/piston-and-tastypie-security-releases/

x_refsource_MISC

https://github.com/toastdriven/django-tastypie/commit/e8af315211b07c8f48f32a063233cc3f76dd5bc2

x_refsource_CONFIRM

[oss-security] 20111102 Re: CVE request for Django-piston and Tastypie

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2011-4104

Description

Affected Products

References