pyyaml
Summary: Arbitrary Code Execution
Affected versions: *
Severity: 9.8

Overview

pyyaml is a YAML parser and emitter for Python.

This package is vulnerable to Arbitrary Code Execution. The issue is reached when untrusted YAML files are processed through the full_load method or with the FullLoader loader. This is due to an incomplete fix for CVE-2020-1747.
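
An added example, not part of the original advisory or of the PyYAML project: a static check that lists call sites using full_load or FullLoader so each can be reviewed for untrusted input. The function names and the sample source are constructed for this example, and covering full_load_all and load_all is an extension beyond the two entry points the advisory names.

```python
import ast

FULL_LOAD_FUNCS = {"full_load", "full_load_all"}

def _name(node):
    """Trailing identifier of a Name or Attribute node, else None."""
    if isinstance(node, ast.Attribute):
        return node.attr
    return node.id if isinstance(node, ast.Name) else None

def find_full_loader_calls(source, filename="<src>"):
    """Return sorted (line, reason) pairs for full_load / FullLoader call sites."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Call):
            continue
        func = _name(node.func)
        if func in FULL_LOAD_FUNCS:
            findings.append((node.lineno, f"{func}() call"))
        elif func in {"load", "load_all"}:
            # Loader passed by keyword or as the second positional argument
            loaders = node.args[1:] + [k.value for k in node.keywords if k.arg == "Loader"]
            if any(_name(a) == "FullLoader" for a in loaders):
                findings.append((node.lineno, f"{func}() with FullLoader"))
    return sorted(findings)

# Constructed sample source, not taken from any real project.
SAMPLE = '''\
import yaml
from yaml import FullLoader

def read_config(text):
    return yaml.full_load(text)

def read_upload(stream):
    return yaml.load(stream, Loader=yaml.FullLoader)

def read_positional(stream):
    return yaml.load(stream, FullLoader)

def read_safe(stream):
    return yaml.safe_load(stream)
'''

if __name__ == "__main__":
    for line, reason in find_full_loader_calls(SAMPLE):
        print(f"line {line}: {reason}")
```

The match is by identifier name only, so a loader imported under an alias or stored in a variable is not reported and still needs manual review.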
