[Python-modules-team] Bug#902878: pyyaml: CVE-2017-18342: still not completely fixed
merkys at debian.org
Thu Jul 11 08:16:48 BST 2019
Hello,
According to [1] the unsafe loader yaml.UnsafeLoader is still
vulnerable, and could be used upon request. While strictly speaking the
vulnerability is fixed by using the safe reader by default, I assume
complete safety can only be achieved by disabling the yaml.UnsafeLoader.
Best,
Andrius
[1] https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation
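The following is an added example, not part of the original message and not PyYAML's or Debian's own code. It is a small static check that finds call sites in a code base which still request the unsafe loader discussed above. It assumes the module is imported under the name `yaml`, and it treats `yaml.Loader` as unsafe because PyYAML 5.1 keeps it equivalent to `yaml.UnsafeLoader`. The sample source is constructed.

```python
import ast

UNSAFE_FUNCS = {"unsafe_load", "unsafe_load_all"}   # always use the unsafe loader
LOAD_FUNCS = {"load", "load_all"}                   # safety depends on Loader=
UNSAFE_LOADERS = {"UnsafeLoader", "Loader"}         # assumption: Loader == UnsafeLoader (5.1)

def _name(node):
    """Return the last component of a Name or dotted Attribute, else None."""
    if isinstance(node, ast.Attribute):
        return node.attr
    if isinstance(node, ast.Name):
        return node.id
    return None

def find_unsafe_yaml_calls(source):
    """Return sorted (line, reason) pairs for calls that reach the unsafe loader."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        # Only calls written as yaml.<func>(...); aliased imports are not tracked.
        if not (isinstance(func, ast.Attribute) and _name(func.value) == "yaml"):
            continue
        if func.attr in UNSAFE_FUNCS:
            findings.append((node.lineno, "yaml.%s" % func.attr))
        elif func.attr in LOAD_FUNCS:
            # Loader may be the second positional argument or a keyword.
            loader = node.args[1] if len(node.args) > 1 else None
            for kw in node.keywords:
                if kw.arg == "Loader":
                    loader = kw.value
            if loader is None:
                # Behaviour then depends on the installed PyYAML version.
                findings.append((node.lineno, "no Loader given"))
            elif _name(loader) in UNSAFE_LOADERS:
                findings.append((node.lineno, "Loader=%s" % _name(loader)))
    return sorted(findings)

# Constructed sample input, one call style per line.
SAMPLE = '''\
import yaml
a = yaml.safe_load(text)
b = yaml.load(text, Loader=yaml.SafeLoader)
c = yaml.load(text, Loader=yaml.UnsafeLoader)
d = yaml.unsafe_load(text)
e = yaml.load(text)
f = yaml.load(text, yaml.Loader)
'''

if __name__ == "__main__":
    for line, reason in find_unsafe_yaml_calls(SAMPLE):
        print("line %d: %s" % (line, reason))
```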