CVE-2020-1747 in PyYAMLinfo

Zusammenfassung

von MITRE

A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Zuständig

Red Hat, Inc.

Reservieren

27.11.2019

Moderieren

akzeptiert

Eintrag

VDB-152218

CPE

bereit

EPSS

0.05299

KEV

nein

Aktivitäten

very low

Quellen

Want to know what is going to be exploited?

We predict KEV entries!