Description
PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342.
| Release | Status | Note |
|---|---|---|
| bionic | not-affected | code not present |
| devel | not-affected | 5.3-1ubuntu2 |
| eoan | ignored | end of life |
| esm-infra-legacy/trusty | not-affected | code not present |
| esm-infra/bionic | not-affected | code not present |
| esm-infra/focal | not-affected | 5.3-1ubuntu2 |
| esm-infra/xenial | not-affected | code not present |
| focal | not-affected | 5.3-1ubuntu2 |
| precise/esm | not-affected | code not present |
| trusty | ignored | end of standard support |
EPSS
CVSS2: 7.5 High
CVSS3: 9.8 Critical
Related vulnerabilities
Moderate: python38:3.8 security, bug fix, and enhancement update