A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747.

CPENameOperatorVersion
pyyamleq5.3.1
pyyamleq3.05
pyyamleq5.2b1
pyyamleq3.13rc1
pyyamleq5.4b2
pyyamleq3.09
pyyamleq5.4b1
pyyamleq3.13
pyyamleq3.06
pyyamleq3.12

Name	Operator	Version
pyyaml	eq	5.3.1
pyyaml	eq	3.05
pyyaml	eq	5.2b1
pyyaml	eq	3.13rc1
pyyaml	eq	5.4b2
pyyaml	eq	3.09
pyyaml	eq	5.4b1
pyyaml	eq	3.13
pyyaml	eq	3.06
pyyaml	eq	3.12

Rows per page:

1-10 of 321

References

bugzilla.redhat.com/show_bug.cgi?id=1860466

github.com/SeldonIO/seldon-core/issues/2252

github.com/yaml/pyyaml

github.com/yaml/pyyaml/commit/a001f2782501ad2d24986959f0239a354675f9dc

github.com/yaml/pyyaml/issues/420

github.com/yaml/pyyaml/issues/420#issuecomment-663673966

nvd.nist.gov/vuln/detail/CVE-2020-14343

pypi.org/project/PyYAML

www.oracle.com/security-alerts/cpuapr2022.html

www.oracle.com/security-alerts/cpujul2022.html

nessus 49

almalinux 2

openvas 30

debiancve 2

redhat 3

veracode 2

osv 10

prion 2

mageia 2

f5 1

redhatcve 2

cve 2

githubexploit 1

alpinelinux 2

github 2

freebsd 2

cvelist 2

gentoo 1

nvd 2

attackerkb 1

rocky 2

ubuntucve 2

fedora 5

oraclelinux 2

redos 24

ubuntu 1

ibm 9

altlinux 1

cbl_mariner 2

suse 2

photon 11

oracle 3

nessus

Ubuntu 20.04 LTS : PyYAML vulnerability (USN-4940-1)

2021-05-12 00:00:00

EulerOS Virtualization 3.0.6.6 : PyYAML (EulerOS-SA-2021-2031)

2021-07-01 00:00:00

CentOS 8 : python38:3.8 and python38-devel:3.8 (CESA-2021:2583)

2021-06-29 00:00:00

almalinux

Moderate: python38:3.8 and python38-devel:3.8 security update

2021-06-29 13:57:32

Moderate: python38:3.8 security, bug fix, and enhancement update

2020-11-03 12:23:02

openvas

Huawei EulerOS: Security Advisory for pyyaml (EulerOS-SA-2021-1755)

2021-04-13 00:00:00

Huawei EulerOS: Security Advisory for PyYAML (EulerOS-SA-2021-1958)

2021-06-07 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:3231-1)

2022-09-12 00:00:00

debiancve

CVE-2020-14343

2021-02-09 21:15:12

CVE-2020-1747

2020-03-24 15:15:12

redhat

(RHSA-2021:2583) Moderate: python38:3.8 and python38-devel:3.8 security update

2021-06-29 13:57:32

(RHSA-2020:4641) Moderate: python38:3.8 security, bug fix, and enhancement update

2020-11-03 12:23:02

(RHSA-2021:4702) Moderate: Satellite 6.10 Release

2021-11-16 13:58:57

veracode

Arbitrary Code Execution

2020-10-27 05:37:05

Remote Code Execution

2020-03-03 03:39:05

osv

CVE-2020-14343

2021-02-09 21:15:12

Moderate: python38:3.8 and python38-devel:3.8 security update

2021-06-29 13:57:32

PYSEC-2021-142

2021-02-09 21:15:00

prion

Input validation

2021-02-09 21:15:00

Input validation

2020-03-24 15:15:00

mageia

Updated python-yaml packages fix security vulnerability

2021-03-12 04:25:47

Updated python-yaml packages fix security vulnerability

2020-04-03 01:48:49

K000139898: PyYAML vulnerabilities CVE-2020-1747 and CVE-2020-14343

2024-06-05 00:00:00

redhatcve

CVE-2020-14343

2020-07-24 17:37:40

CVE-2020-1747

2020-03-02 09:41:10

cve

CVE-2020-14343

2021-02-09 21:15:12

CVE-2020-1747

2020-03-24 15:15:12

githubexploit

Exploit for Improper Input Validation in Pyyaml

2021-06-27 06:56:15

alpinelinux

CVE-2020-14343

2021-02-09 21:15:12

CVE-2020-1747

2020-03-24 15:15:12

github

Improper Input Validation in PyYAML

2021-03-25 21:26:26

Improper Input Validation in PyYAML

2021-04-20 16:14:24

freebsd

PyYAML -- arbitrary code execution

2020-07-22 00:00:00

py-yaml -- FullLoader (still) exploitable for arbitrary command execution

2020-03-02 00:00:00

cvelist

CVE-2020-14343

2021-02-09 00:00:00

CVE-2020-1747

2020-03-24 13:56:37

gentoo

PyYAML: Arbitrary Code Execution

2024-02-26 00:00:00

nvd

CVE-2020-14343

2021-02-09 21:15:12

CVE-2020-1747

2020-03-24 15:15:12

attackerkb

CVE-2020-14343

2021-02-09 00:00:00

rocky

python38:3.8 and python38-devel:3.8 security update

2021-06-29 13:57:32

python38:3.8 security, bug fix, and enhancement update

2020-11-03 12:23:02

ubuntucve

CVE-2020-14343

2021-02-09 00:00:00

CVE-2020-1747

2020-03-24 00:00:00

fedora

[SECURITY] Fedora 32 Update: PyYAML-5.4.1-1.fc32

2021-01-30 01:42:55

[SECURITY] Fedora 30 Update: PyYAML-5.3.1-1.fc30

2020-03-27 10:46:20

[SECURITY] Fedora 33 Update: PyYAML-5.4.1-1.fc33

2021-01-23 01:32:47

oraclelinux

python38:3.8 and python38-devel:3.8 security update

2021-07-02 00:00:00

python38:3.8 security, bug fix, and enhancement update

2020-11-10 00:00:00

redos

ROS-2-534

2021-09-08 00:00:00

ROS-2-509

2023-07-06 00:00:00

ROS-2-723

2021-09-08 00:00:00

ubuntu

PyYAML vulnerability

2021-05-10 00:00:00

ibm

Security Bulletin: Vulnerability in PyYAML affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2020-14343]

2024-03-11 12:51:16

Security Bulletin: Vulnerability in PyYAML affects IBM Spectrum Protect Plus Container and Microsoft File Systems Agents (CVE-2020-1747)

2020-12-04 06:02:50

Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities

2020-10-09 20:01:39

altlinux

Security fix for the ALT Linux 9 package python-module-yaml version 5.4.1-alt0.p9

2021-03-22 00:00:00

cbl_mariner

CVE-2020-1747 affecting package PyYAML for versions less than 5.4.1-1

2023-11-10 17:45:58

CVE-2020-14343 affecting package PyYAML for versions less than 5.4.1-1

2023-11-10 17:45:58

suse

Security update for python-PyYAML (important)

2020-04-12 00:00:00

Security update for python-PyYAML (important)

2020-05-11 00:00:00

photon

Critical Photon OS Security Update - PHSA-2021-0190

2021-02-02 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0361

2021-02-22 00:00:00

Critical Photon OS Security Update - PHSA-2021-3.0-0190

2021-02-02 00:00:00

oracle

Oracle Critical Patch Update Advisory - July 2022

2022-07-19 00:00:00

Oracle Critical Patch Update Advisory - April 2023

2023-04-18 00:00:00

Oracle Critical Patch Update Advisory - April 2022

2022-04-19 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.006 Low

EPSS

Percentile

77.9%

JSON

Related for OSV:GHSA-8Q59-Q68H-6HV4