python-yaml
| Description | Python bindings for YAML, using fast libYAML library |
|---|---|
| Version | 6.0.3-1 [extra] |

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1459 | 5.3.1-4 | 5.4.1.1-1 | Medium | Fixed | |
| AVG-843 | 3.13-2 | 5.1-1 | High | Fixed | FS#61311 |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2020-14343 | AVG-1459 | Medium | No | Arbitrary code execution | A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted... |
| CVE-2017-18342 | AVG-843 | High | Yes | Arbitrary code execution | In PyYAML before 4.1, the yaml.load() API could execute arbitrary code. In other words, yaml.safe_load is not used. |