You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function.
CVE-2017-18342 - High Severity Vulnerability
Vulnerable Library - PyYAML-3.12.tar.gz
YAML parser and emitter for Python
Library home page: https://files.pythonhosted.org/packages/4a/85/db5a2df477072b2902b0eb892feb37d88ac635d36245a72a6a69b23b383a/PyYAML-3.12.tar.gz
Path to dependency file: dvpwa/requirements.txt
Path to vulnerable library: dvpwa/requirements.txt
Dependency Hierarchy:
Found in HEAD commit: e0712c98546c0aa6a34b22457b73b24cd8e1081b
Vulnerability Details
In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function.
Publish Date: 2018-06-27
URL: CVE-2017-18342
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2017-18342
Release Date: 2018-06-27
Fix Resolution: PyYAML - 5.1
⛑️ Automatic Remediation is available for this issue
The text was updated successfully, but these errors were encountered: