42 matches found
Remote Code Execution (RCE)
pyyaml is vulnerable to remote code execution (RCE) attacks. The application uses the unsafe function yaml.load, allowing a malicious user to inject and execute arbitrary code by passing a yaml file...
Code injection
In PyYAML before 5.1, the yaml.load API could execute arbitrary code if used with untrusted data. The load function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function...
CVE-2017-18342
In PyYAML before 5.1, the yaml.load API could execute arbitrary code if used with untrusted data. The load function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function...
CVE-2018-12565
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load instead of yaml.safe_load when parsing user data, remote code execution can occur...
CVE-2018-12565
CVE-2018-12565 affects Linaro LAVA prior to 2018.5.post1. The root cause is parsing user data with yaml.load() instead of yaml.safe_load(), which can enable remote code execution. Documents do not provide a confirmed exploit method or patches within the LAVA project; no explicit remediation versi...
Remote Code Execution (RCE)
resteasy-yaml-provider is vulnerable to remote code execution RCE attacks. These attacks are possible because of an incomplete fix for CVE-2016-9606 which still uses Yaml.load in the YamlProvider. This issue only affects applications which have the YamlProvider explicitly enabled by adding or...
Remote Code Execution (RCE)
django-make-app is vulnerable to remote code execution (RCE) attacks. The vulnerability exists due to the insecure usage of YAML.load...
Remote Code Execution (RCE)
django-make-app is vulnerable to remote code execution (RCE) attacks. The attacks can happen because the ioutils.py file allows users to parse a yaml file to generate django apps, allowing attackers to inject and execute arbitrary python commands through the yaml.load function of the YAML parser...
Remote Code Execution (RCE) Through YAML Deserialization
mcollective-client is vulnerable to Remote Code Execution (RCE) through YAML deserialization. The library uses the insecure YAML.load method to deserialize yaml files. This can allow a malicious user to inject and execute arbitrary code by sending a yaml file to the system...
Remote Code Execution (RCE)
salt is vulnerable to remote code execution (RCE). A malicious user can pass a custom yaml file with arbitrary code due to the YAML.load method being insecure...
CVE-2011-4953
The set_mgmt_parameters function in item.py in cobbler before 2.2.2 allows context-dependent attackers to execute arbitrary code via vectors related to the use of the yaml.load function instead of the yaml.safe_load function, as demonstrated using Puppet...
CVE-2011-4104
The from_yaml method in serializers.py in Django Tastypie before 0.9.10 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method...
Design/Logic Flaw
emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method...
CVE-2011-4953
CVE-2011-4953 affects cobbler prior to 2.2.2, where set_mgmt_parameters in item.py uses yaml.load instead of yaml.safe_load, enabling code execution via crafted input (e.g., Puppet). OpenSUSE and GHSA entries confirm the code-injection risk and list cobbler upgrades/patches as mitigation; remedia...
openSUSE Security Update : cobbler (openSUSE-SU-2012:0639-1)
Specially crafted YAML could allow attackers to execute arbitrary code due to the use of yaml.load instead of yaml.safe_load. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-287...
Potential remote code execution due to embedding of old django-piston
NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report: http://jira.atlassian.com/browse/CONFSERVER-46819. The exposed atlassian api for forummodules found under forummodules/atlassian/api uses an outdated version of...