Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pyyaml vulnerability #136

Closed
johnbradley opened this issue Jan 7, 2019 · 1 comment · Fixed by #200
Closed

pyyaml vulnerability #136

johnbradley opened this issue Jan 7, 2019 · 1 comment · Fixed by #200
Milestone
pyyaml-vulnerability

Comments

@johnbradley
Copy link
Collaborator

https://nvd.nist.gov/vuln/detail/CVE-2017-18342

Details: yaml/pyyaml#243 (comment)

The suggested version 4.1 is a prerelease so not a good option currently.

According to the details link above using yaml.safe_load instead of yaml.load fixes this issue.
@johnbradley johnbradley changed the title pyyaml vulernability pyyaml vulnerability Jan 7, 2019
@johnbradley johnbradley added this to the pyyaml-vulnerability milestone Jan 7, 2019
@johnbradley
Copy link
Collaborator Author

Partially fixed by #192.
Still need to fix instances of yaml.load.

@johnbradley johnbradley mentioned this issue May 17, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
pyyaml-vulnerability
Development

Successfully merging a pull request may close this issue.

use lando-util for VM job Duke-GCB/lando
1 participant
@johnbradley