python-yaml

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Python bindings for YAML, using fast libYAML library
Version 6.0.2-2 [extra-testing]
6.0.2-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1459 5.3.1-4 5.4.1.1-1 Medium Fixed
AVG-843 3.13-2 5.1-1 High Fixed FS#61311
Issue Group Severity Remote Type Description
CVE-2020-14343 AVG-1459 Medium No Arbitrary code execution
A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted...
CVE-2017-18342 AVG-843 High Yes Arbitrary code execution
In PyYAML before 4.1, the yaml.load() API could execute arbitrary code. In other words, yaml.safe_load is not used.