CVE-2017-18342

Published
View on NVD ↗
CVSS v3
9.8
CRITICAL
CVSS v2
7.5
HIGH
Affected
2
PROJECTS

Description

In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function.

yaml/pyyaml
yaml/pyyaml
Canonical source repository for PyYAML
GitHubGitHub
2.9K
marshmallow-code/apispec
marshmallow-code/apispec
A pluggable API specification generator. Currently supports the OpenAPI Specification (f.k.a. the Swagger specification)..
GitHubGitHub
1.22K