Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2020-14343

Опубликовано: 09 фев. 2021
Источник: debian
EPSS Средний

Описание

A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
pyyamlfixed5.3.1-4package
pyyamlnot-affectedbusterpackage
pyyamlnot-affectedstretchpackage

Примечания

  • https://github.com/yaml/pyyaml/issues/420

  • Fixed via: https://github.com/yaml/pyyaml/pull/472

  • https://github.com/yaml/pyyaml/commit/7adc0db3f613a82669f2b168edd98379b83adb3c

  • CVE is for an incomplete fix of CVE-2020-1747.

EPSS

Процентиль: 94%
0.13704
Средний

Связанные уязвимости

ubuntu логотип

CVE-2020-14343

CVSS3: 9.8
ubuntu
почти 5 лет назад

A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747.

redhat логотип

CVE-2020-14343

CVSS3: 9.8
redhat
больше 5 лет назад

A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747.

nvd логотип

CVE-2020-14343

CVSS3: 9.8
nvd
почти 5 лет назад

A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747.

msrc логотип

CVE-2020-14343

CVSS3: 9.8
msrc
около 2 лет назад

Описание отсутствует

suse-cvrf логотип

SUSE-SU-2022:3231-1

suse-cvrf
больше 3 лет назад

Security update for python-PyYAML

EPSS

Процентиль: 94%
0.13704
Средний