Info
Application: New App Test
Component: New App Test Component
Build file: Security-Phoenix-demo/vulnerablecode:requirements.txt
url: https://snyk.io/vuln/SNYK-PYTHON-PYYAML-590151
isIgnored: false
isPatched: false
isPinnable: true
isPatchable: false
pkgVersions: 5.3.1
disclosureTime: 2020-07-22T00:00:00Z
exploitMaturity: mature
publicationTime: 2020-07-26T13:45:01Z
isPartiallyFixable: true
Details
Overview
Affected versions of this package are vulnerable to Arbitrary Code Execution. It processes untrusted YAML files through the full_load method or with the FullLoader loader. This is due to an incomplete fix for CVE-2020-1747.
Remediation
Upgrade PyYAML to version 5.4 or higher.
References
Risk Context
This vulnerability's risk is rated Critical: the base severity is High with a CVSS score of 9, the probability of exploitation in the wild is Low, and the affected component is externally visible.
The SLA for this vulnerability exceeds the organization's tolerance.
Link to vulnerability
Created by Phoenix Security