Lucene search
GoogleOSV:GHSA-3PQX-4FQF-J49FHistoryApr 20, 2021 - 4:40 p.m.
Deserialization of Untrusted Data in PyYAML
2021-04-2016:40:42
Google
osv.dev
17
0.175 Low
EPSS
Percentile
96.2%
PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342.
References
github.com/yaml/pyyaml
github.com/yaml/pyyaml/blob/master/CHANGES
lists.fedoraproject.org/archives/list/[email protected]/message/33VBUY73AA6CTTYL3LRWHNFDULV7PFPN
lists.fedoraproject.org/archives/list/[email protected]/message/52N5XS73Z5S4ZN7I7R56ICCPCTKCUV4H
nvd.nist.gov/vuln/detail/CVE-2019-20477
www.exploit-db.com/download/47655
Related
nessus
nessus
EulerOS 2.0 SP8 : PyYAML (EulerOS-SA-2020-1297)
2020-03-23 00:00:00
EulerOS Virtualization for ARM 64 3.0.6.0 : PyYAML (EulerOS-SA-2020-1371)
2020-04-02 00:00:00
RHEL 6 : pyyaml (Unpatched Vulnerability)
2024-05-11 00:00:00
nvd
nvd
CVE-2019-20477
2020-02-19 04:15:10
CVE-2017-18342
2018-06-27 12:29:00
github
github
Deserialization of Untrusted Data in PyYAML
2021-04-20 16:40:42
autogluon.multimodal vulnerable to unsafe YAML deserialization
2022-09-21 21:42:05
ubuntucve
ubuntucve
CVE-2019-20477
2020-02-19 00:00:00
CVE-2017-18342
2018-06-27 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2020-02-20 05:56:00
Remote Code Execution (RCE)
2018-06-28 03:18:11
debiancve
debiancve
CVE-2019-20477
2020-02-19 04:15:10
CVE-2017-18342
2018-06-27 12:29:00
cvelist
cvelist
CVE-2019-20477
2020-02-19 03:09:21
CVE-2017-18342
2018-06-27 12:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for PyYAML (EulerOS-SA-2020-1297)
2020-03-23 00:00:00
Huawei EulerOS: Security Advisory for PyYAML (EulerOS-SA-2020-1371)
2020-04-01 00:00:00
Huawei EulerOS: Security Advisory for PyYAML (EulerOS-SA-2020-2269)
2020-10-30 00:00:00
prion
prion
Deserialization of untrusted data
2020-02-19 04:15:00
Code injection
2018-06-27 12:29:00
cve
cve
CVE-2019-20477
2020-02-19 04:15:10
CVE-2017-18342
2018-06-27 12:29:00
osv
osv
PYSEC-2020-176
2020-02-19 04:15:00
CVE-2019-20477
2020-02-19 04:15:10
autogluon.multimodal vulnerable to unsafe YAML deserialization
2022-09-21 21:42:05
redhatcve
redhatcve
CVE-2019-20477
2020-04-05 23:11:41
CVE-2017-18342
2020-03-29 01:58:56
freebsd
freebsd
py-yaml -- arbitrary code execution
2018-06-27 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: PyYAML-5.1-1.fc28
2019-03-23 02:25:40
[SECURITY] Fedora 30 Update: PyYAML-5.3-2.fc30
2020-02-29 22:46:21
[SECURITY] Fedora 31 Update: PyYAML-5.3-2.fc31
2020-02-29 22:32:20
mageia
mageia
Updated python-yaml packages fix security vulnerability
2019-04-05 21:12:59
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2020-2.0-0217
2020-03-08 00:00:00
Critical Photon OS Security Update - PHSA-2020-0067
2020-03-09 00:00:00
Critical Photon OS Security Update - PHSA-2020-0217
2020-03-08 00:00:00
gentoo
gentoo
PyYAML: Arbitrary code execution
2020-03-19 00:00:00
f5
f5
K000139901: PyYAML vulnerability CVE-2017-18342
2024-06-05 00:00:00
redhat
redhat
(RHSA-2020:4641) Moderate: python38:3.8 security, bug fix, and enhancement update
2020-11-03 12:23:02
(RHSA-2021:0420) Moderate: Red Hat Quay v3.4.0 security update
2021-02-04 16:10:17
oraclelinux
oraclelinux
python38:3.8 security, bug fix, and enhancement update
2020-11-10 00:00:00
ol-automation-manager security update
2022-04-27 00:00:00
almalinux
almalinux
Moderate: python38:3.8 security, bug fix, and enhancement update
2020-11-03 12:23:02
rocky
rocky
python38:3.8 security, bug fix, and enhancement update
2020-11-03 12:23:02
