MetaBrainz Sec Management / SEC-6

Upgrade pyyaml to version 4.2b1 or later.

    Details

    • Type: Task
    • Status: Closed
    • Priority: High
    • Resolution: Fixed
    • Component/s: LB
    • Labels:
      None

      Description

      CVE-2017-18342
      More information: https://nvd.nist.gov/vuln/detail/CVE-2017-18342

      high severity
      Vulnerable versions: < 4.2b1
      Patched version: 4.2b1
      In PyYAML before 4.1, the yaml.load() API could execute arbitrary code. In other words, yaml.safe_load is not used.

            People

            • Assignee:
              iliekcomputers Param Singh
              Reporter:
              zas Zas