python-yaml

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Python bindings for YAML, using fast libYAML library
Version 5.1.2-1 [community]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-843 3.13-2 5.1-1 High Fixed FS#61311
Issue Group Severity Remote Type Description
CVE-2017-18342 AVG-843 High Yes Arbitrary code execution
In PyYAML before 4.1, the yaml.load() API could execute arbitrary code. In other words, yaml.safe_load is not used.