emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method.
References
Configurations
History
No history.
Information
Published : 2014-10-27 01:55
Updated : 2024-02-04 18:35
NVD link : CVE-2011-4103
Mitre link : CVE-2011-4103
CVE.ORG link : CVE-2011-4103
JSON object : View
Products Affected
djangoproject
- piston
CWE
CWE-20
Improper Input Validation