Lucene search
HistoryOct 27, 2014 - 1:55 a.m.
CVE-2011-4103
cve-2011-4103
django piston
remote code execution
yaml deserialization
nvd
7.3 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.011 Low
EPSS
Percentile
84.0%
emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method.
| CPE | Name | Operator | Version |
|---|---|---|---|
| djangoproject:piston | djangoproject piston | le | 0.2.2.0 |
Related
prion
prion
Design/Logic Flaw
2014-10-27 01:55:00
debiancve
debiancve
CVE-2011-4103
2014-10-27 01:55:00
nessus
nessus
Debian DSA-2344-1 : python-django-piston - deserialization vulnerability
2011-11-14 00:00:00
openvas
openvas
Debian Security Advisory DSA 2344-1 (python-django-piston)
2012-02-11 00:00:00
Debian: Security Advisory (DSA-2344-1)
2012-02-11 00:00:00
github
github
Django-piston and Django-tastypie do not properly deserialize YAML data
2018-07-23 19:50:48
ubuntucve
ubuntucve
CVE-2011-4103
2014-10-27 00:00:00
osv
osv
Django-piston and Django-tastypie do not properly deserialize YAML data
2018-07-23 19:50:48
python-django-piston - deserialization vulnerability
2011-11-11 00:00:00
PYSEC-2014-24
2014-10-27 01:55:00
debian
debian
[SECURITY] [DSA 2344-1] python-django-piston security update
2011-11-11 20:36:37
7.3 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.011 Low
EPSS
Percentile
84.0%
Related for CVE-2011-4103