A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747.

CPENameOperatorVersion
communications_cloud_native_core_network_function_cloud_native_environmenteq22.1.0
communications_cloud_native_core_network_function_cloud_native_environmenteq1.10.0
pyyamlge5.1
pyyamllt5.4

Name	Operator	Version
communications_cloud_native_core_network_function_cloud_native_environment	eq	22.1.0
communications_cloud_native_core_network_function_cloud_native_environment	eq	1.10.0
pyyaml	ge	5.1
pyyaml	lt	5.4

References

bugzilla.redhat.com/show_bug.cgi?id=1860466

github.com/SeldonIO/seldon-core/issues/2252

github.com/yaml/pyyaml/issues/420

www.oracle.com/security-alerts/cpuapr2022.html

www.oracle.com/security-alerts/cpujul2022.html

freebsd 2

nessus 49

osv 11

openvas 30

cvelist 2

nvd 2

gentoo 1

github 2

alpinelinux 2

almalinux 2

debiancve 2

redhat 3

veracode 2

mageia 2

f5 1

redhatcve 2

attackerkb 1

rocky 2

ubuntucve 2

cve 2

githubexploit 1

fedora 5

oraclelinux 2

redos 24

ubuntu 1

ibm 9

altlinux 1

prion 1

cbl_mariner 2

suse 2

photon 11

oracle 3

freebsd

PyYAML -- arbitrary code execution

2020-07-22 00:00:00

py-yaml -- FullLoader (still) exploitable for arbitrary command execution

2020-03-02 00:00:00

nessus

SUSE SLES15 Security Update : python-PyYAML (SUSE-SU-2022:2841-1)

2022-08-20 00:00:00

GLSA-202402-33 : PyYAML: Arbitrary Code Execution

2024-02-26 00:00:00

EulerOS 2.0 SP9 : PyYAML (EulerOS-SA-2021-1958)

2021-06-03 00:00:00

osv

Moderate: python38:3.8 and python38-devel:3.8 security update

2021-06-29 13:57:32

CVE-2020-14343

2021-02-09 21:15:12

Moderate: python38:3.8 and python38-devel:3.8 security update

2021-06-29 13:57:32

openvas

Huawei EulerOS: Security Advisory for PyYAML (EulerOS-SA-2021-1565)

2021-03-05 00:00:00

Huawei EulerOS: Security Advisory for PyYAML (EulerOS-SA-2021-2078)

2021-07-07 00:00:00

Huawei EulerOS: Security Advisory for pyyaml (EulerOS-SA-2021-1755)

2021-04-13 00:00:00

cvelist

CVE-2020-14343

2021-02-09 00:00:00

CVE-2020-1747

2020-03-24 13:56:37

nvd

CVE-2020-14343

2021-02-09 21:15:12

CVE-2020-1747

2020-03-24 15:15:12

gentoo

PyYAML: Arbitrary Code Execution

2024-02-26 00:00:00

github

Improper Input Validation in PyYAML

2021-03-25 21:26:26

Improper Input Validation in PyYAML

2021-04-20 16:14:24

alpinelinux

CVE-2020-14343

2021-02-09 21:15:12

CVE-2020-1747

2020-03-24 15:15:12

almalinux

Moderate: python38:3.8 and python38-devel:3.8 security update

2021-06-29 13:57:32

Moderate: python38:3.8 security, bug fix, and enhancement update

2020-11-03 12:23:02

debiancve

CVE-2020-14343

2021-02-09 21:15:12

CVE-2020-1747

2020-03-24 15:15:12

redhat

(RHSA-2021:2583) Moderate: python38:3.8 and python38-devel:3.8 security update

2021-06-29 13:57:32

(RHSA-2020:4641) Moderate: python38:3.8 security, bug fix, and enhancement update

2020-11-03 12:23:02

(RHSA-2021:4702) Moderate: Satellite 6.10 Release

2021-11-16 13:58:57

veracode

Arbitrary Code Execution

2020-10-27 05:37:05

Remote Code Execution

2020-03-03 03:39:05

mageia

Updated python-yaml packages fix security vulnerability

2021-03-12 04:25:47

Updated python-yaml packages fix security vulnerability

2020-04-03 01:48:49

K000139898: PyYAML vulnerabilities CVE-2020-1747 and CVE-2020-14343

2024-06-05 00:00:00

redhatcve

CVE-2020-14343

2020-07-24 17:37:40

CVE-2020-1747

2020-03-02 09:41:10

attackerkb

CVE-2020-14343

2021-02-09 00:00:00

rocky

python38:3.8 and python38-devel:3.8 security update

2021-06-29 13:57:32

python38:3.8 security, bug fix, and enhancement update

2020-11-03 12:23:02

ubuntucve

CVE-2020-14343

2021-02-09 00:00:00

CVE-2020-1747

2020-03-24 00:00:00

cve

CVE-2020-14343

2021-02-09 21:15:12

CVE-2020-1747

2020-03-24 15:15:12

githubexploit

Exploit for Improper Input Validation in Pyyaml

2021-06-27 06:56:15

fedora

[SECURITY] Fedora 32 Update: PyYAML-5.4.1-1.fc32

2021-01-30 01:42:55

[SECURITY] Fedora 30 Update: PyYAML-5.3.1-1.fc30

2020-03-27 10:46:20

[SECURITY] Fedora 33 Update: PyYAML-5.4.1-1.fc33

2021-01-23 01:32:47

oraclelinux

python38:3.8 and python38-devel:3.8 security update

2021-07-02 00:00:00

python38:3.8 security, bug fix, and enhancement update

2020-11-10 00:00:00

redos

ROS-2-534

2021-09-08 00:00:00

ROS-2-509

2023-07-06 00:00:00

ROS-2-539

2023-07-06 00:00:00

ubuntu

PyYAML vulnerability

2021-05-10 00:00:00

ibm

Security Bulletin: Vulnerability in PyYAML affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2020-14343]

2024-03-11 12:51:16

Security Bulletin: Vulnerability in PyYAML affects IBM Spectrum Protect Plus Container and Microsoft File Systems Agents (CVE-2020-1747)

2020-12-04 06:02:50

Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities

2020-10-09 20:01:39

altlinux

Security fix for the ALT Linux 9 package python-module-yaml version 5.4.1-alt0.p9

2021-03-22 00:00:00

prion

Input validation

2020-03-24 15:15:00

cbl_mariner

CVE-2020-1747 affecting package PyYAML for versions less than 5.4.1-1

2023-11-10 17:45:58

CVE-2020-14343 affecting package PyYAML for versions less than 5.4.1-1

2023-11-10 17:45:58

suse

Security update for python-PyYAML (important)

2020-04-12 00:00:00

Security update for python-PyYAML (important)

2020-05-11 00:00:00

photon

Critical Photon OS Security Update - PHSA-2021-0190

2021-02-02 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0361

2021-02-22 00:00:00

Critical Photon OS Security Update - PHSA-2021-3.0-0190

2021-02-02 00:00:00

oracle

Oracle Critical Patch Update Advisory - July 2022

2022-07-19 00:00:00

Oracle Critical Patch Update Advisory - April 2023

2023-04-18 00:00:00

Oracle Critical Patch Update Advisory - April 2022

2022-04-19 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

9.6 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

77.9%

JSON

Related for PRION:CVE-2020-14343