CVE-2020-14343 in PyYAML and Oracle Products
Published on February 9, 2021

A vulnerability was discovered in the PyYAML library in versions before 5.4: it is susceptible to arbitrary code execution when it processes untrusted YAML input through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. It allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. The flaw is the result of an incomplete fix for CVE-2020-1747.

NVD

Weakness Type

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.


Products Associated with CVE-2020-14343

PyYAML

Oracle Communications Cloud Native Core Network Function Cloud Native Environment

Exploit Probability

EPSS score: 11.41%

Percentile: 93.45%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.