.avif)
View all vulnerabilities
CVE-2017-18342
PyYAML insecurely deserializes YAML strings leading to arbitrary code execution
Description
In PyYAML before 4.1, the `yaml.load()` API could execute arbitrary code. In other words, `yaml.safe_load` is not used.
Patch Available
Fix available through Seal Security. No upgrade required, protect your application instantly.
Fix without upgradingVulnerability Details
Score
9.8
Score Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Versions
pyyaml < 4.1
Severity
Critical
Critical
Critical
Ecosystem
Python
Publish Date
January 4, 2019
Modified Date
October 16, 2024