Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2020-1747

Опубликовано: 24 мар. 2020
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS2: 10
CVSS3: 9.8

Описание

A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor.

РелизСтатусПримечание
bionic

not-affected

code not present
devel

not-affected

5.3-2
eoan

ignored

end of life
esm-infra-legacy/trusty

not-affected

code not present
esm-infra/bionic

not-affected

code not present
esm-infra/focal

not-affected

5.3-2
esm-infra/xenial

not-affected

code not present
focal

not-affected

5.3-2
precise/esm

not-affected

code not present
trusty

ignored

end of standard support

Показывать по

EPSS

Процентиль: 82%
0.01681
Низкий

10 Critical

CVSS2

9.8 Critical

CVSS3

Связанные уязвимости

CVSS3: 9.8
redhat
больше 5 лет назад

A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor.

CVSS3: 9.8
nvd
больше 5 лет назад

A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor.

CVSS3: 9.8
msrc
почти 2 года назад

Описание отсутствует

CVSS3: 9.8
debian
больше 5 лет назад

A vulnerability was discovered in the PyYAML library in versions befor ...

suse-cvrf
около 5 лет назад

Security update for python-PyYAML

EPSS

Процентиль: 82%
0.01681
Низкий

10 Critical

CVSS2

9.8 Critical

CVSS3