Open mend-bolt-for-github[bot] opened 5 years ago
YAML parser and emitter for Python
path: /tender_samet/requirements.txt
Library home page: https://pypi.python.org/packages/4a/85/db5a2df477072b2902b0eb892feb37d88ac635d36245a72a6a69b23b383a/PyYAML-3.12.tar.gz
In PyYAML before 4.1, the yaml.load() API could execute arbitrary code. In other words, yaml.safe_load is not used.
Publish Date: 2018-06-27
URL: CVE-2017-18342
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2017-18342
Release Date: 2018-06-27
Fix Resolution: 4.1
Step up your Open Source Security Game with WhiteSource here
CVE-2017-18342 - High Severity Vulnerability
YAML parser and emitter for Python
path: /tender_samet/requirements.txt
Library home page: https://pypi.python.org/packages/4a/85/db5a2df477072b2902b0eb892feb37d88ac635d36245a72a6a69b23b383a/PyYAML-3.12.tar.gz
Dependency Hierarchy: - :x: **PyYAML-3.12.tar.gz** (Vulnerable Library)In PyYAML before 4.1, the yaml.load() API could execute arbitrary code. In other words, yaml.safe_load is not used.
Publish Date: 2018-06-27
URL: CVE-2017-18342
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2017-18342
Release Date: 2018-06-27
Fix Resolution: 4.1
Step up your Open Source Security Game with WhiteSource here