CVE-2017-18342

In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function.
Configurations

Configuration 1 (hide)

cpe:2.3:a:pyyaml:pyyaml:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-06-27 12:29

Updated : 2024-02-04 19:46


NVD link : CVE-2017-18342

Mitre link : CVE-2017-18342

CVE.ORG link : CVE-2017-18342


JSON object : View

Products Affected

pyyaml

  • pyyaml

fedoraproject

  • fedora
CWE
CWE-502

Deserialization of Untrusted Data