CVE-2017-18342

Published: Jun 27, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/yaml/pyyaml/pull/74

x_refsource_MISC

https://github.com/yaml/pyyaml/blob/master/CHANGES

x_refsource_MISC

FEDORA-2019-bed9afe622

vendor-advisory

x_refsource_FEDORA

FEDORA-2019-779a9db46a

vendor-advisory

x_refsource_FEDORA

FEDORA-2019-44643e8bcb

vendor-advisory

x_refsource_FEDORA

https://github.com/marshmallow-code/apispec/issues/278

x_refsource_MISC

https://github.com/yaml/pyyaml/issues/193

x_refsource_MISC

https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load%28input%29-Deprecation

x_refsource_MISC

GLSA-202003-45

vendor-advisory

x_refsource_GENTOO

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2017-18342

Description

Affected Products

References