PyYAML 5.1 up to and including 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pyyaml pyyaml |
||
fedoraproject fedora 30 |
||
fedoraproject fedora 31 |