Description
emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| python-django-piston | fixed | 0.2.2-2 | | package |
EPSS
Percentile: 74%
0.00821
Low
Related vulnerabilities
ubuntu
more than 11 years ago
emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method.
nvd
more than 11 years ago
emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method.
CVSS3: 9.8
github
more than 7 years ago
Django-piston and Django-tastypie do not properly deserialize YAML data