Improper Input Validation

CVE-2017-18342

High

9.8/10

Summary

In PyYAML before 5.1b1, the `yaml.load()` API could execute arbitrary code if used with untrusted data. The `load()` function was deprecated and the 'UnsafeLoader' was introduced for backward compatibility with the function. NOTE: There was an initial fix which was later reverted. The actual fix occurred in the commit "857dff15".

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-20 - Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

Issue
Pull request
Advisory

Advisory Timeline

Published Jun 27, 2018

Improper Input Validation

CVE-2017-18342

Summary

CWE-20 - Improper Input Validation

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS