python-yaml
Description | Python bindings for YAML, using fast libYAML library |
Version | 6.0.2-1 [extra] |

Resolved

Group | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|
AVG-1459 | 5.3.1-4 | 5.4.1.1-1 | Medium | Fixed | |
AVG-843 | 3.13-2 | 5.1-1 | High | Fixed | FS#61311 |

Issue | Group | Severity | Remote | Type | Description |
---|---|---|---|---|---|
CVE-2020-14343 | AVG-1459 | Medium | No | Arbitrary code execution | A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted... |
CVE-2017-18342 | AVG-843 | High | Yes | Arbitrary code execution | In PyYAML before 4.1, the yaml.load() API could execute arbitrary code. In other words, yaml.safe_load is not used. |