A vulnerability was discovered in the PyYAML library, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747.

Mitigation

Use yaml.safe_load or the SafeLoader loader when you parse untrusted input.

References

bugzilla.redhat.com/show_bug.cgi?id=1860466

github.com/advisories/GHSA-8q59-q68h-6hv4

nvd.nist.gov/vuln/detail/CVE-2020-14343

www.cve.org/CVERecord?id=CVE-2020-14343

freebsd 2

github 2

openvas 30

alpinelinux 2

osv 14

cvelist 2

nvd 2

gentoo 1

nessus 49

f5 1

prion 2

mageia 2

redhat 3

veracode 2

debiancve 2

almalinux 2

cve 2

githubexploit 1

ubuntucve 2

attackerkb 1

rocky 2

redos 42

oraclelinux 2

fedora 5

ubuntu 1

ibm 8

cbl_mariner 2

photon 9

redhatcve 1

altlinux 1

suse 2

freebsd

PyYAML -- arbitrary code execution

2020-07-22 00:00:00

py-yaml -- FullLoader (still) exploitable for arbitrary command execution

2020-03-02 00:00:00

github

Improper Input Validation in PyYAML

2021-03-25 21:26:26

Improper Input Validation in PyYAML

2021-04-20 16:14:24

openvas

Huawei EulerOS: Security Advisory for PyYAML (EulerOS-SA-2021-2078)

2021-07-07 00:00:00

Huawei EulerOS: Security Advisory for PyYAML (EulerOS-SA-2021-1565)

2021-03-05 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:2841-1)

2022-08-19 00:00:00

alpinelinux

CVE-2020-14343

2021-02-09 21:15:12

CVE-2020-1747

2020-03-24 15:15:12

osv

Moderate: python38:3.8 and python38-devel:3.8 security update

2021-06-29 13:57:32

CVE-2020-14343

2021-02-09 21:15:12

Moderate: python38:3.8 and python38-devel:3.8 security update

2021-06-29 13:57:32

cvelist

CVE-2020-14343

2021-02-09 00:00:00

CVE-2020-1747

2020-03-24 13:56:37

nvd

CVE-2020-14343

2021-02-09 21:15:12

CVE-2020-1747

2020-03-24 15:15:12

gentoo

PyYAML: Arbitrary Code Execution

2024-02-26 00:00:00

nessus

EulerOS 2.0 SP9 : PyYAML (EulerOS-SA-2021-1958)

2021-06-03 00:00:00

GLSA-202402-33 : PyYAML: Arbitrary Code Execution

2024-02-26 00:00:00

SUSE SLES15 Security Update : python-PyYAML (SUSE-SU-2022:2841-1)

2022-08-20 00:00:00

K000139898: PyYAML vulnerabilities CVE-2020-1747 and CVE-2020-14343

2024-06-05 00:00:00

prion

Input validation

2021-02-09 21:15:00

Input validation

2020-03-24 15:15:00

mageia

Updated python-yaml packages fix security vulnerability

2021-03-12 04:25:47

Updated python-yaml packages fix security vulnerability

2020-04-03 01:48:49

redhat

(RHSA-2021:2583) Moderate: python38:3.8 and python38-devel:3.8 security update

2021-06-29 13:57:32

(RHSA-2020:4641) Moderate: python38:3.8 security, bug fix, and enhancement update

2020-11-03 12:23:02

(RHSA-2021:4702) Moderate: Satellite 6.10 Release

2021-11-16 13:58:57

veracode

Arbitrary Code Execution

2020-10-27 05:37:05

Remote Code Execution

2020-03-03 03:39:05

debiancve

CVE-2020-14343

2021-02-09 21:15:12

CVE-2020-1747

2020-03-24 15:15:12

almalinux

Moderate: python38:3.8 and python38-devel:3.8 security update

2021-06-29 13:57:32

Moderate: python38:3.8 security, bug fix, and enhancement update

2020-11-03 12:23:02

cve

CVE-2020-14343

2021-02-09 21:15:12

CVE-2020-1747

2020-03-24 15:15:12

githubexploit

Exploit for Improper Input Validation in Pyyaml

2021-06-27 06:56:15

ubuntucve

CVE-2020-14343

2021-02-09 00:00:00

CVE-2020-1747

2020-03-24 00:00:00

attackerkb

CVE-2020-14343

2021-02-09 00:00:00

rocky

python38:3.8 and python38-devel:3.8 security update

2021-06-29 13:57:32

python38:3.8 security, bug fix, and enhancement update

2020-11-03 12:23:02

redos

ROS-2-534

2021-09-08 00:00:00

ROS-2-1261

2021-12-24 00:00:00

ROS-2-860

2024-03-13 00:00:00

oraclelinux

python38:3.8 and python38-devel:3.8 security update

2021-07-02 00:00:00

python38:3.8 security, bug fix, and enhancement update

2020-11-10 00:00:00

fedora

[SECURITY] Fedora 32 Update: PyYAML-5.4.1-1.fc32

2021-01-30 01:42:55

[SECURITY] Fedora 33 Update: PyYAML-5.4.1-1.fc33

2021-01-23 01:32:47

[SECURITY] Fedora 30 Update: PyYAML-5.3.1-1.fc30

2020-03-27 10:46:20

ubuntu

PyYAML vulnerability

2021-05-10 00:00:00

ibm

Security Bulletin: Vulnerability in PyYAML affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2020-14343]

2024-03-11 12:51:16

Security Bulletin: Vulnerability in PyYAML affects IBM Spectrum Protect Plus Container and Microsoft File Systems Agents (CVE-2020-1747)

2020-12-04 06:02:50

Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities

2020-10-09 20:01:39

cbl_mariner

CVE-2020-14343 affecting package PyYAML for versions less than 5.4.1-1

2023-11-10 17:45:58

CVE-2020-1747 affecting package PyYAML for versions less than 5.4.1-1

2023-11-10 17:45:58

photon

Critical Photon OS Security Update - PHSA-2021-0190

2021-02-02 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0361

2021-02-22 00:00:00

Critical Photon OS Security Update - PHSA-2021-3.0-0190

2021-02-02 00:00:00

redhatcve

CVE-2020-1747

2020-03-02 09:41:10

altlinux

Security fix for the ALT Linux 9 package python-module-yaml version 5.4.1-alt0.p9

2021-03-22 00:00:00

suse

Security update for python-PyYAML (important)

2020-04-12 00:00:00

Security update for python-PyYAML (important)

2020-05-11 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

EPSS

0.006

Percentile

77.9%

JSON

Related for RH:CVE-2020-14343