A vulnerability was discovered in the PyYAML library, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747 (CVE-2020-14343).

OSVersionArchitecturePackageVersionFilename
Mageia7noarchpython-yaml< 5.3.1-1.1python-yaml-5.3.1-1.1.mga7

OS	Version	Architecture	Package	Version	Filename
Mageia	7	noarch	python-yaml	< 5.3.1-1.1	python-yaml-5.3.1-1.1.mga7

References

bugs.mageia.org/show_bug.cgi?id=28205

lists.fedoraproject.org/archives/list/[email protected]/thread/MMQXSZXNJT6ERABJZAAICI3DQSQLCP3D/

nessus 49

osv 11

alpinelinux 2

cvelist 2

gentoo 1

freebsd 2

openvas 30

github 2

prion 2

veracode 2

redhatcve 2

redhat 3

attackerkb 1

rocky 2

ubuntucve 2

debiancve 2

almalinux 2

githubexploit 1

cve 2

fedora 5

oraclelinux 2

redos 18

ubuntu 1

ibm 9

photon 11

cbl_mariner 2

mageia 1

suse 2

altlinux 1

oracle 3

nessus

EulerOS Virtualization for ARM 64 3.0.6.0 : PyYAML (EulerOS-SA-2021-1565)

2021-03-04 00:00:00

EulerOS 2.0 SP9 : PyYAML (EulerOS-SA-2021-1958)

2021-06-03 00:00:00

GLSA-202402-33 : PyYAML: Arbitrary Code Execution

2024-02-26 00:00:00

osv

Moderate: python38:3.8 and python38-devel:3.8 security update

2021-06-29 13:57:32

CVE-2020-14343

2021-02-09 21:15:12

Moderate: python38:3.8 and python38-devel:3.8 security update

2021-06-29 13:57:32

alpinelinux

CVE-2020-14343

2021-02-09 21:15:00

CVE-2020-1747

2020-03-24 15:15:00

cvelist

CVE-2020-14343

2021-02-09 00:00:00

CVE-2020-1747

2020-03-24 13:56:37

gentoo

PyYAML: Arbitrary Code Execution

2024-02-26 00:00:00

freebsd

PyYAML -- arbitrary code execution

2020-07-22 00:00:00

py-yaml -- FullLoader (still) exploitable for arbitrary command execution

2020-03-02 00:00:00

openvas

Huawei EulerOS: Security Advisory for PyYAML (EulerOS-SA-2021-2078)

2021-07-07 00:00:00

Huawei EulerOS: Security Advisory for PyYAML (EulerOS-SA-2021-1565)

2021-03-05 00:00:00

Huawei EulerOS: Security Advisory for PyYAML (EulerOS-SA-2021-1723)

2021-04-13 00:00:00

github

Improper Input Validation in PyYAML

2021-03-25 21:26:26

Improper Input Validation in PyYAML

2021-04-20 16:14:24

prion

Input validation

2021-02-09 21:15:00

Input validation

2020-03-24 15:15:00

veracode

Arbitrary Code Execution

2020-10-27 05:37:05

Remote Code Execution

2020-03-03 03:39:05

redhatcve

CVE-2020-14343

2020-07-24 17:37:40

CVE-2020-1747

2020-03-02 09:41:10

redhat

(RHSA-2021:2583) Moderate: python38:3.8 and python38-devel:3.8 security update

2021-06-29 13:57:32

(RHSA-2020:4641) Moderate: python38:3.8 security, bug fix, and enhancement update

2020-11-03 12:23:02

(RHSA-2021:4702) Moderate: Satellite 6.10 Release

2021-11-16 13:58:57

attackerkb

CVE-2020-14343

2021-02-09 00:00:00

rocky

python38:3.8 and python38-devel:3.8 security update

2021-06-29 13:57:32

python38:3.8 security, bug fix, and enhancement update

2020-11-03 12:23:02

ubuntucve

CVE-2020-14343

2021-02-09 00:00:00

CVE-2020-1747

2020-03-24 00:00:00

debiancve

CVE-2020-14343

2021-02-09 21:15:00

CVE-2020-1747

2020-03-24 15:15:00

almalinux

Moderate: python38:3.8 and python38-devel:3.8 security update

2021-06-29 13:57:32

Moderate: python38:3.8 security, bug fix, and enhancement update

2020-11-03 12:23:02

githubexploit

Exploit for Improper Input Validation in Pyyaml

2021-06-27 06:56:15

cve

CVE-2020-14343

2021-02-09 21:15:00

CVE-2020-1747

2020-03-24 15:15:00

fedora

[SECURITY] Fedora 32 Update: PyYAML-5.4.1-1.fc32

2021-01-30 01:42:55

[SECURITY] Fedora 33 Update: PyYAML-5.4.1-1.fc33

2021-01-23 01:32:47

[SECURITY] Fedora 30 Update: PyYAML-5.3.1-1.fc30

2020-03-27 10:46:20

oraclelinux

python38:3.8 and python38-devel:3.8 security update

2021-07-02 00:00:00

python38:3.8 security, bug fix, and enhancement update

2020-11-10 00:00:00

redos

ROS-2-534

2021-09-08 00:00:00

ROS-2-509

2021-12-24 00:00:00

ROS-2-723

2021-09-08 00:00:00

ubuntu

PyYAML vulnerability

2021-05-10 00:00:00

ibm

Security Bulletin: Vulnerability in PyYAML affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2020-14343]

2024-03-11 12:51:16

Security Bulletin: Vulnerability in PyYAML affects IBM Spectrum Protect Plus Container and Microsoft File Systems Agents (CVE-2020-1747)

2020-12-04 06:02:50

Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities

2020-10-09 20:01:39

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0361

2021-02-22 00:00:00

Critical Photon OS Security Update - PHSA-2021-0190

2021-02-02 00:00:00

Critical Photon OS Security Update - PHSA-2021-3.0-0190

2021-02-02 00:00:00

cbl_mariner

CVE-2020-14343 affecting package PyYAML for versions less than 5.4.1-1

2023-11-10 17:45:58

CVE-2020-1747 affecting package PyYAML for versions less than 5.4.1-1

2023-11-10 17:45:58

mageia

Updated python-yaml packages fix security vulnerability

2020-04-03 01:48:49

suse

Security update for python-PyYAML (important)

2020-04-12 00:00:00

Security update for python-PyYAML (important)

2020-05-11 00:00:00

altlinux

Security fix for the ALT Linux 9 package python-module-yaml version 5.4.1-alt0.p9

2021-03-22 00:00:00

oracle

Oracle Critical Patch Update Advisory - July 2022

2022-07-19 00:00:00

Oracle Critical Patch Update Advisory - April 2023

2023-04-18 00:00:00

Oracle Critical Patch Update Advisory - April 2022

2022-04-19 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.006 Low

EPSS

Percentile

77.8%

JSON

Related for MGASA-2021-0119