Closed
Created Apr 03, 2020 by Emily@emily🤖

user/py3-pyyaml: CVE-2020-1747: full_load/FullLoader ACE

Bugzilla ID 251
Alias(es) CVE-2020-1747
Reporter Max Rees (sroracle)
Assignee Max Rees (sroracle)
Reported 2020-04-03 14:13:06 -0500
Modified 2020-06-15 16:39:00 -0500
Status RESOLVED FIXED
Version 1.0-RC1
Hardware Adélie Linux / All
Importance --- / normal
URL https://nvd.nist.gov/vuln/detail/CVE-2020-1747

Description

A vulnerability was discovered in the PyYAML library in versions
before 5.3.1, where it is susceptible to arbitrary code execution when
it processes untrusted YAML files through the full_load method or with
the FullLoader loader. Applications that use the library to process
untrusted input may be vulnerable to this flaw. An attacker could use
this flaw to execute arbitrary code on the system by abusing the
python/object/new constructor.

Edited Feb 02, 2022 by Zach van Rijn
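
To locate code that reaches the affected loader, the following added example (not part of the original report or of the PyYAML or Adélie projects) audits Python source for calls to full_load, or to load with FullLoader or with no Loader argument. It assumes PyYAML is referenced through the module name `yaml`; the function name `find_full_loader_calls` and the sample source are constructed for illustration.

```python
import ast

# Entry points the advisory names, plus their *_all variants in PyYAML.
FULL_FUNCS = {"full_load", "full_load_all"}
LOAD_FUNCS = {"load", "load_all"}

def _tail(node):
    """Trailing identifier of a Name/Attribute node, else None."""
    if isinstance(node, ast.Attribute):
        return node.attr
    if isinstance(node, ast.Name):
        return node.id
    return None

def find_full_loader_calls(source, module_alias="yaml"):
    """Return sorted (line, reason) pairs for yaml calls that reach FullLoader.

    Assumption: PyYAML is referenced as `module_alias.<func>(...)`;
    `from yaml import load` style imports are not tracked.
    """
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        if _tail(node.func.value) != module_alias:
            continue
        func = node.func.attr
        if func in FULL_FUNCS:
            findings.append((node.lineno, f"{func} uses FullLoader"))
        elif func in LOAD_FUNCS:
            loader = next((kw.value for kw in node.keywords if kw.arg == "Loader"),
                          node.args[1] if len(node.args) > 1 else None)
            if loader is None:
                # PyYAML 5.x (5.1+) falls back to FullLoader when Loader is omitted.
                findings.append((node.lineno, f"{func} has no explicit Loader"))
            elif _tail(loader) == "FullLoader":
                findings.append((node.lineno, f"{func} passes FullLoader"))
    return sorted(findings)

# Constructed sample input, not taken from any Adélie package.
SAMPLE = """import yaml, json
a = yaml.full_load(text)
b = yaml.load(text, Loader=yaml.FullLoader)
c = yaml.load(text)
d = yaml.safe_load(text)
e = yaml.load(text, Loader=yaml.SafeLoader)
f = json.load(fh)
"""
```

Call sites flagged this way that handle untrusted input can be moved to safe_load, in addition to upgrading to 5.3.1 or later.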