CVE-2011-4103

emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method.
Configurations

Configuration 1 (hide)

cpe:2.3:a:djangoproject:piston:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-10-27 01:55

Updated : 2024-02-04 18:35


NVD link : CVE-2011-4103

Mitre link : CVE-2011-4103

CVE.ORG link : CVE-2011-4103


JSON object : View

Products Affected

djangoproject

  • piston
CWE
CWE-20

Improper Input Validation