Commit
Update controller.py (#13)
It is reported that in PyYAML before 4.1, usage of yaml.load() function on untrusted input could lead to arbitrary code execution. It is therefore recommended to use yaml.safe_load() instead. With 4.1, yaml.load() has been changed to call safe_load().

* Report:          http://seclists.org/oss-sec/2018/q2/240
* Upstream change: yaml/pyyaml#74
* CVE:             pending

--

Gentoo Security Scout
Vladimir Krstulja
cz-themax committed Jan 15, 2022
1 parent 61f5135 commit b0cb2d0
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion amdgpu_fan/controller.py
Expand Up @@ -41,7 +41,7 @@ def main(self):
def load_config(path):
logger.debug(f'loading config from {path}')
with open(path) as f:
return yaml.load(f)
return yaml.safe_load(f)


def main():
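
Review bot: `return yaml.safe_load(f)` in load_config passes the parsed document straight back with no check on its shape. safe_load returns None for an empty file and a list or scalar for a document whose top level is not a mapping, so consider verifying that the result is a dict and raising a clear configuration error otherwise, so a malformed config fails inside load_config rather than wherever the caller first uses it. Calling safe_load explicitly is the right choice regardless of which PyYAML version is installed. The commit subject "Update controller.py" would be easier to find later if it named the change, for example "Use yaml.safe_load() in load_config".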