Description
PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342.
A vulnerability was discovered in the PyYAML library, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/apply constructor.
Statement
This issue did not affect the versions of PyYAML as shipped with Red Hat Enterprise Linux 7 and 8, as they did not include the class FullLoader, which contains this vulnerability. The PyYAML library that is provided in the Red Hat OpenStack repositories is vulnerable. However, because there are no instances where this library is used in a way which exposes the vulnerability, the impact to OpenStack products has been reduced to 'low' and Red Hat will not be providing a fix at this time. Any updates will be through RHEL channels. Red Hat Quay 3.2 uses the vulnerable load function, but only to parse the Nginx configuration file, which only contains trusted data.
Mitigation
Use yaml.safe_load or the SafeLoader loader when you parse untrusted input.
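The following is an added example written for this page (not Red Hat's or PyYAML's own code) that puts the flaw and the mitigation side by side. A constructed `!!python/object/apply:subprocess.Popen` document is fed to each of PyYAML's loaders: SafeLoader refuses the tag, UnsafeLoader instantiates Popen and runs the command, and FullLoader behaves like UnsafeLoader on the affected 5.1 through 5.1.2 releases (current releases reject the tag there too). The payload, the benign configuration and the `probe`/`load_config` helper names are all assumptions of the example; it assumes PyYAML is installed and a POSIX `echo` binary is on PATH.

```python
"""CVE-2019-20477 illustration: PyYAML FullLoader vs. the SafeLoader mitigation.

Example code added for this page; not taken from the advisory or from PyYAML.
"""
import subprocess  # imported deliberately, see the note on sys.modules below
import yaml

# Constructed payload (not from the advisory). It asks the loader to call
# subprocess.Popen(["echo", ...]) while the document is being *parsed*. The
# FullLoader of 5.1-5.1.2 honoured python/object/apply as long as the target was
# a class living in an already-imported module; Popen is a class, and
# subprocess is in sys.modules because this script imports it, as many real
# applications do.
MALICIOUS_YAML = """\
!!python/object/apply:subprocess.Popen
- ["echo", "PyYAML instantiated subprocess.Popen during parsing"]
"""

# Constructed benign input of the shape an application actually expects.
BENIGN_YAML = """\
listen: 0.0.0.0:8080
workers: 4
upstreams:
  - app-1:9000
  - app-2:9000
"""


def probe(loader_name: str) -> str:
    """Parse MALICIOUS_YAML with yaml.<loader_name> and report what happened.

    Returns "executed" if the loader instantiated subprocess.Popen (the echo
    command ran), "rejected" if it refused the !!python tag, "other" otherwise.
    """
    loader_cls = getattr(yaml, loader_name)  # e.g. "SafeLoader", "FullLoader"
    try:
        obj = yaml.load(MALICIOUS_YAML, Loader=loader_cls)
    except yaml.constructor.ConstructorError:
        return "rejected"
    if isinstance(obj, subprocess.Popen):
        obj.wait()  # reap the child the document tricked us into starting
        return "executed"
    return "other"


def load_config(text: str) -> dict:
    """Hardened loader for untrusted input: only plain YAML types are built.

    yaml.safe_load is yaml.load(text, Loader=yaml.SafeLoader); the SafeLoader
    has no constructor for any !!python/* tag, so MALICIOUS_YAML raises
    ConstructorError here instead of spawning a process.
    """
    data = yaml.safe_load(text)
    if not isinstance(data, dict):
        raise ValueError("expected a YAML mapping at the top level")
    return data


if __name__ == "__main__":
    print("SafeLoader  :", probe("SafeLoader"))    # rejected
    print("FullLoader  :", probe("FullLoader"))    # executed on 5.1-5.1.2
    print("UnsafeLoader:", probe("UnsafeLoader"))  # executed
    print("config      :", load_config(BENIGN_YAML))
```

Run it once against the PyYAML version your application actually ships; a FullLoader probe that prints `executed` is the condition this advisory describes. Note that the SafeLoader result does not depend on the version, which is why the mitigation is to switch loaders rather than to filter input.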
Affected Packages
Platform | Package | State | Errata | Release Date |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | PyYAML | Out of support scope | ||
Red Hat Enterprise Linux 7 | PyYAML | Not affected | ||
Red Hat Enterprise Linux 8 | python27:2.7/PyYAML | Not affected | ||
Red Hat Enterprise Linux 8 | PyYAML | Not affected | ||
Red Hat OpenStack Platform 10 (Newton) | PyYAML | Will not fix | ||
Red Hat OpenStack Platform 13 (Queens) | PyYAML | Will not fix | ||
Red Hat Software Collections | python27-PyYAML | Not affected | ||
Red Hat Software Collections | rh-python36-PyYAML | Not affected | ||
Red Hat Software Collections | rh-python38-PyYAML | Not affected | ||
Red Hat Enterprise Linux 8 | python38 | Fixed | RHSA-2020:4641 | 04.11.2020 |
Additional Information
CVSS3: 9.8 Critical
Related Errata
RHSA-2020:4641: Moderate: python38:3.8 security, bug fix, and enhancement update