The from_yaml method in serializers.py in Django Tastypie prior to 0.9.10 does not properly deserialize YAML data, which allows remote malicious users to execute arbitrary Python code via vectors related to the yaml.load method.
Vulnerable Product: djangoproject tastypie