Published: 19/02/2020 Updated: 07/11/2023

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

PyYAML 5.1 up to and including 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342.

Vulnerable Product	Search on Vulmon	Subscribe to Product
pyyaml pyyaml
fedoraproject fedora 30
fedoraproject fedora 31

Synopsis Moderate: Red Hat Quay v340 security update Type/Severity Security Advisory: Moderate Topic Red Hat Quay 340 is now available with bug fixes and variousenhancementsRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVS ...

Synopsis Moderate: python38:38 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for the python38:38 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vul ...

CWE-502 https://www.exploit-db.com/download/47655 https://github.com/yaml/pyyaml/blob/master/CHANGES https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/52N5XS73Z5S4ZN7I7R56ICCPCTKCUV4H/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33VBUY73AA6CTTYL3LRWHNFDULV7PFPN/https://access.redhat.com/errata/RHSA-2021:0420 https://nvd.nist.gov

CVE-2019-20477

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect