Vulnerabilities > CVE-2017-18342 - Deserialization of Untrusted Data vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 18 | |
| OS | 3 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1041.NASL description According to the version of the PyYAML package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In PyYAML before 4.1, the yaml.load() API could execute arbitrary code. In other words, yaml.safe_load is not used.(CVE-2017-18342) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2019-02-15 plugin id 122214 published 2019-02-15 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122214 title EulerOS 2.0 SP5 : PyYAML (EulerOS-SA-2019-1041) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(122214); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04"); script_cve_id( "CVE-2017-18342" ); script_name(english:"EulerOS 2.0 SP5 : PyYAML (EulerOS-SA-2019-1041)"); script_summary(english:"Checks the rpm output for the updated package."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing a security update."); script_set_attribute(attribute:"description", value: "According to the version of the PyYAML package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In PyYAML before 4.1, the yaml.load() API could execute arbitrary code. In other words, yaml.safe_load is not used.(CVE-2017-18342) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1041 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?eae395b8"); script_set_attribute(attribute:"solution", value: "Update the affected PyYAML package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"patch_publication_date", value:"2019/01/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/15"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:PyYAML"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp"); script_exclude_keys("Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0"); sp = get_kb_item("Host/EulerOS/sp"); if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["PyYAML-3.10-11.h1.eulerosv2r7"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "PyYAML"); }NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2299.NASL description According to the version of the PyYAML packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the last seen 2020-05-03 modified 2019-11-27 plugin id 131365 published 2019-11-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131365 title EulerOS 2.0 SP8 : PyYAML (EulerOS-SA-2019-2299) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(131365); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/01"); script_cve_id( "CVE-2017-18342" ); script_name(english:"EulerOS 2.0 SP8 : PyYAML (EulerOS-SA-2019-2299)"); script_summary(english:"Checks the rpm output for the updated package."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing a security update."); script_set_attribute(attribute:"description", value: "According to the version of the PyYAML packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function.(CVE-2017-18342) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2299 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?51fa915a"); script_set_attribute(attribute:"solution", value: "Update the affected PyYAML package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"patch_publication_date", value:"2019/11/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/27"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python2-pyyaml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python3-pyyaml"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp"); script_exclude_keys("Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0"); sp = get_kb_item("Host/EulerOS/sp"); if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu); flag = 0; pkgs = ["python2-pyyaml-4.2-0.1.b4.h1.eulerosv2r8", "python3-pyyaml-4.2-0.1.b4.h1.eulerosv2r8"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "PyYAML"); }NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1371.NASL description According to the version of the PyYAML package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342.(CVE-2019-20477) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-04-07 modified 2020-04-02 plugin id 135158 published 2020-04-02 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135158 title EulerOS Virtualization for ARM 64 3.0.6.0 : PyYAML (EulerOS-SA-2020-1371) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(135158); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/06"); script_cve_id( "CVE-2019-20477" ); script_name(english:"EulerOS Virtualization for ARM 64 3.0.6.0 : PyYAML (EulerOS-SA-2020-1371)"); script_summary(english:"Checks the rpm output for the updated package."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS Virtualization for ARM 64 host is missing a security update."); script_set_attribute(attribute:"description", value: "According to the version of the PyYAML package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342.(CVE-2019-20477) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1371 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?613c3610"); script_set_attribute(attribute:"solution", value: "Update the affected PyYAML package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"patch_publication_date", value:"2020/04/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/02"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python2-pyyaml"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.6.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (uvp != "3.0.6.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.6.0"); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu); flag = 0; pkgs = ["python2-pyyaml-4.2-0.1.b4.h3.eulerosv2r8"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "PyYAML"); }NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-202003-45.NASL description The remote host is affected by the vulnerability described in GLSA-202003-45 (PyYAML: Arbitrary code execution) It was found that using yaml.load() API on untrusted input could lead to arbitrary code execution. Impact : A remote attacker could entice a user to process specially crafted input in an application using yaml.load() from PyYAML, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-03-26 modified 2020-03-20 plugin id 134731 published 2020-03-20 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134731 title GLSA-202003-45 : PyYAML: Arbitrary code execution NASL family Fedora Local Security Checks NASL id FEDORA_2019-BED9AFE622.NASL description New upstream release 5.1 (rhbz#1688414) Fixes CVE-2017-18342 (rhbz#1595744) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 122984 published 2019-03-21 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122984 title Fedora 29 : PyYAML (2019-bed9afe622) NASL family Fedora Local Security Checks NASL id FEDORA_2019-44643E8BCB.NASL description New upstream release 5.1 (rhbz#1688414) Fixes CVE-2017-18342 (rhbz#1595744) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 124491 published 2019-05-02 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124491 title Fedora 30 : PyYAML (2019-44643e8bcb) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1056.NASL description According to the version of the PyYAML package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In PyYAML before 4.1, the yaml.load() API could execute arbitrary code. In other words, yaml.safe_load is not used.(CVE-2017-18342) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2019-02-22 plugin id 122383 published 2019-02-22 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122383 title EulerOS 2.0 SP2 : PyYAML (EulerOS-SA-2019-1056) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-1_0-0224_LIBXSLT.NASL description An update of the libxslt package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 125086 published 2019-05-15 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125086 title Photon OS 1.0: Libxslt PHSA-2019-1.0-0224 NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1224.NASL description According to the version of the PyYAML package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - In PyYAML before 4.1, the yaml.load() API could execute arbitrary code. In other words, yaml.safe_load is not used.i1/4^CVE-2017-18342i1/4%0 Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-19 modified 2019-04-09 plugin id 123910 published 2019-04-09 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123910 title EulerOS Virtualization 2.5.4 : PyYAML (EulerOS-SA-2019-1224) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1040.NASL description According to the version of the PyYAML package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In PyYAML before 4.1, the yaml.load() API could execute arbitrary code. In other words, yaml.safe_load is not used.(CVE-2017-18342) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2019-02-15 plugin id 122213 published 2019-02-15 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122213 title EulerOS 2.0 SP3 : PyYAML (EulerOS-SA-2019-1040) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1083.NASL description According to the version of the PyYAML package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - In PyYAML before 4.1, the yaml.load() API could execute arbitrary code. In other words, yaml.safe_load is not used.(CVE-2017-18342) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 132837 published 2020-01-13 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132837 title EulerOS Virtualization for ARM 64 3.0.5.0 : PyYAML (EulerOS-SA-2020-1083) NASL family Fedora Local Security Checks NASL id FEDORA_2019-779A9DB46A.NASL description New upstream release 5.1 (rhbz#1688414) Fixes CVE-2017-18342 (rhbz#1595744) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 123041 published 2019-03-25 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123041 title Fedora 28 : PyYAML (2019-779a9db46a) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-1_0-0224_GNUTLS.NASL description An update of the gnutls package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 125085 published 2019-05-15 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125085 title Photon OS 1.0: Gnutls PHSA-2019-1.0-0224 NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-1_0-0224_PYYAML.NASL description An update of the PyYAML package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 125084 published 2019-05-15 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125084 title Photon OS 1.0: Pyyaml PHSA-2019-1.0-0224 NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_F6EA18BB65B911E98B31002590045D9C.NASL description pyyaml reports : the PyYAML.load function could be easily exploited to call any Python function. That means it could call any system command using os.system() last seen 2020-06-01 modified 2020-06-02 plugin id 124287 published 2019-04-25 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124287 title FreeBSD : py-yaml -- arbitrary code execution (f6ea18bb-65b9-11e9-8b31-002590045d9c) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1615.NASL description According to the version of the PyYAML package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - In PyYAML before 4.1, the yaml.load() API could execute arbitrary code. In other words, yaml.safe_load is not used.i1/4^CVE-2017-18342i1/4%0 Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-19 modified 2019-05-30 plugin id 125567 published 2019-05-30 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125567 title EulerOS Virtualization for ARM 64 3.0.2.0 : PyYAML (EulerOS-SA-2019-1615) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1297.NASL description According to the version of the PyYAML packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342.(CVE-2019-20477) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-03 modified 2020-03-23 plugin id 134789 published 2020-03-23 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134789 title EulerOS 2.0 SP8 : PyYAML (EulerOS-SA-2020-1297)
References
- https://github.com/yaml/pyyaml/pull/74
- https://github.com/yaml/pyyaml/blob/master/CHANGES
- https://github.com/marshmallow-code/apispec/issues/278
- https://github.com/yaml/pyyaml/issues/193
- https://security.gentoo.org/glsa/202003-45
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M6JCFGEIEOFMWWIXGHSELMKQDD4CV2BA/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSQQMRUQSXBSUXLCRD3TSZYQ7SEZRKCE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JEX7IPV5P2QJITAMA5Z63GQCZA5I6NVZ/
- https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load%28input%29-Deprecation