
19 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2014-0005

Malware in sbrugna...

CVSS 7.5 | AI score 6.1 | EPSS 0.00821
Exploits 0 | References 10
Github Security Blog
added 2018/07/23 7:50 p.m. | 30 views

Django-piston and Django-tastypie do not properly deserialize YAML data

emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method. Django Tastypie has a very similar vulnerability...

CVSS 7.5 | AI score 7.1 | EPSS 0.00821
Exploits 0 | References 8 | Affected Software 1
OSV
added 2018/07/23 7:50 p.m. | 18 views

GHSA-PVHP-V9QP-XF5R Django-piston and Django-tastypie do not properly deserialize YAML data

emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method. Django Tastypie has a very similar vulnerability...

CVSS 9.8 | AI score 7.1 | EPSS 0.00821
Exploits 0 | References 9
NVD
added 2014/10/27 1:55 a.m. | 11 views

CVE-2011-4103

emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method...

CVSS 7.5 | AI score 7.3 | EPSS 0.00821
Exploits 0 | References 5
OSV
added 2014/10/27 1:55 a.m. | 21 views

PYSEC-2014-24

emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method...

CVSS 7.5 | AI score 7.9 | EPSS 0.00821
Exploits 0 | References 6
PyPA
added 2014/10/27 1:55 a.m. | 4 views

PYSEC-2014-24

emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method...

CVSS 7.5 | AI score 7.8 | EPSS 0.00821
Exploits 0 | References 6 | Affected Software 1
Prion
added 2014/10/27 1:55 a.m. | 13 views

Design/Logic Flaw

emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method...

CVSS 7.5 | AI score 7.9 | EPSS 0.00821
Exploits 0 | References 5 | Affected Software 1
UbuntuCve
added 2014/10/27 1:55 a.m. | 18 views

CVE-2011-4103

emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method...

CVSS 7.5 | AI score 6 | EPSS 0.00821
Exploits 0 | References 1
CVE
added 2014/10/27 1:0 a.m. | 90 views

CVE-2011-4103

The CVE concerns Django Piston: the emitter component (emitters.py) in Django Piston before 0.2.3 and in 0.2.x before 0.2.2.1 fails to properly deserialize YAML data, enabling remote code execution via yaml.load-related vectors. The vulnerability arises from YAML deserialization in the affected c...

CVSS 7.5 | AI score 7.4 | EPSS 0.00821
Exploits 0 | References 5 | Affected Software 1
Debian CVE
added 2014/10/27 1:0 a.m. | 16 views

CVE-2011-4103

Removed by vendor...

CVSS 7.5 | AI score 6.7 | EPSS 0.00821
Exploits 0
Cvelist
added 2014/10/27 1:0 a.m. | 19 views

CVE-2011-4103

emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method...

AI score 7.2 | EPSS 0.00821
Exploits 0 | References 5
Atlassian
added 2012/07/27 1:56 a.m. | 27 views

Potential remote code execution due to embedding of old django-piston

NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report (http://jira.atlassian.com/browse/CONFSERVER-46819). The exposed atlassian api for forummodules found under forummodules/atlassian/api uses an outdated version of...

AI score 2.4
Exploits 0 | Affected Software 1
Atlassian
added 2012/07/27 1:56 a.m. | 14 views

Potential remote code execution due to embedding of old django-piston

The exposed atlassian api for forummodules found under forummodules/atlassian/api uses an outdated version of django-piston which does not contain the fix for a remote code execution bug due to the use of yaml.load instead of safe_load in the emitters.py Python script on line 412. Whilst it appears...

AI score 2.6
Exploits 0 | Affected Software 1
Atlassian
added 2012/07/27 1:56 a.m. | 24 views

Potential remote code execution due to embedding of old django-piston

NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report (http://jira.atlassian.com/browse/CONFCLOUD-46819). The exposed atlassian api for forummodules found under forummodules/atlassian/api uses an outdated version of...

AI score 2.4
Exploits 0
OpenVAS
added 2012/02/11 12:0 a.m. | 21 views

Debian: Security Advisory (DSA-2344-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 6.6 | EPSS 0.00821
Exploits 0 | References 3
OpenVAS
added 2012/02/11 12:0 a.m. | 23 views

Debian Security Advisory DSA 2344-1 (python-django-piston)

The remote host is missing an update to python-django-piston announced via advisory DSA 2344-1. OpenVAS Vulnerability Test $Id: deb23441.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2344-1 python-django-piston Authors: Thomas Reinke Copyright: Copyright ...

CVSS 7.5 | AI score 0.7 | EPSS 0.00821
Exploits 0
Tenable Nessus
added 2011/11/14 12:0 a.m. | 36 views

Debian DSA-2344-1 : python-django-piston - deserialization vulnerability

It was discovered that the Piston framework can deserialize untrusted YAML and Pickle data, leading to remote code execution (CVE-2011-4103). %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory...

CVSS 7.5 | AI score 6.3 | EPSS 0.00821
Exploits 0 | References 5
Debian
added 2011/11/11 8:36 p.m. | 21 views

[SECURITY] [DSA 2344-1] python-django-piston security update

Debian Security Advisory DSA-2344-1 [email protected] http://www.debian.org/security/ Florian Weimer November 11, 2011 http://www.debian.org/security/faq -...

CVSS 7.5 | AI score 6.7 | EPSS 0.00821
Exploits 0
OSV
added 2011/11/11 12:0 a.m. | 19 views

DSA-2344-1 python-django-piston - deserialization vulnerability

Bulletin has no description...

CVSS 7.5 | AI score 6.1 | EPSS 0.00821
Exploits 0