Lucene search
Ubuntu.comUB:CVE-2011-4103HistoryOct 27, 2014 - 12:00 a.m.
CVE-2011-4103
2014-10-2700:00:00
ubuntu.com
ubuntu.com
7
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.011 Low
EPSS
Percentile
83.9%
emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not
properly deserialize YAML data, which allows remote attackers to execute
arbitrary Python code via vectors related to the yaml.load method.
Bugs
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 10.10 | noarch | python-django-piston | < 0.2.2-1ubuntu0.2 | UNKNOWN |
| ubuntu | 11.04 | noarch | python-django-piston | < 0.2.2-1ubuntu1.11.04.1 | UNKNOWN |
| ubuntu | 11.10 | noarch | python-django-piston | < 0.2.2-1ubuntu1.11.10.1 | UNKNOWN |
Related
openvas
openvas
Debian Security Advisory DSA 2344-1 (python-django-piston)
2012-02-11 00:00:00
Debian: Security Advisory (DSA-2344-1)
2012-02-11 00:00:00
nessus
nessus
Debian DSA-2344-1 : python-django-piston - deserialization vulnerability
2011-11-14 00:00:00
github
github
Django-piston and Django-tastypie do not properly deserialize YAML data
2018-07-23 19:50:48
prion
prion
Design/Logic Flaw
2014-10-27 01:55:00
debiancve
debiancve
CVE-2011-4103
2014-10-27 01:55:00
osv
osv
python-django-piston - deserialization vulnerability
2011-11-11 00:00:00
PYSEC-2014-24
2014-10-27 01:55:00
Django-piston and Django-tastypie do not properly deserialize YAML data
2018-07-23 19:50:48
cve
cve
CVE-2011-4103
2014-10-27 01:55:00
debian
debian
[SECURITY] [DSA 2344-1] python-django-piston security update
2011-11-11 20:36:37
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.011 Low
EPSS
Percentile
83.9%
Related for UB:CVE-2011-4103