Vulnerabilities > Pyyaml
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-02-09 | CVE-2020-14343 | Improper Input Validation vulnerability in multiple products A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. | 9.8 |
2020-03-24 | CVE-2020-1747 | A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. | 9.8 |
2020-02-19 | CVE-2019-20477 | Deserialization of Untrusted Data vulnerability in multiple products PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. | 9.8 |
2018-06-27 | CVE-2017-18342 | Deserialization of Untrusted Data vulnerability in multiple products In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. | 9.8 |