CVE-2020-14343 in PeopleSoft Enterprise PeopleToolsinfo

Summary

A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747.

Once again VulDB remains the best source for vulnerability data.

Reservation

06/17/2020

Disclosure

02/10/2021

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
226683Oracle PeopleSoft Enterprise PeopleTools Porting input validation20Not definedOfficial fixCVE-2020-14343
204247Oracle Communications Cloud Native Core Network Function Cloud Native Environment CNE input validation20Not definedOfficial fixCVE-2020-14343
197778Oracle Communications Cloud Native Core Network Function Cloud Native Environment OC-CNE input validation20Not definedOfficial fixCVE-2020-14343
169559PyYAML YAML File full_load input validation20Not definedOfficial fixCVE-2020-14343

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

PreviousOverviewNext

Want to stay up to date on a daily basis?

Enable the mail alert feature now!