DEBIAN-CVE-2011-4104

Source
https://security-tracker.debian.org/tracker/CVE-2011-4104
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-4104.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2011-4104
Upstream
Published
2014-10-27T01:55:23.407Z
Modified
2025-11-19T02:02:51.394340Z
Summary
[none]
Details

The from_yaml method in serializers.py in Django Tastypie before 0.9.10 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method.

References

Affected packages

Debian:11 / django-tastypie

Package

Name
django-tastypie
Purl
pkg:deb/debian/django-tastypie?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.9.10-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-4104.json"

Debian:12 / django-tastypie

Package

Name
django-tastypie
Purl
pkg:deb/debian/django-tastypie?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.9.10-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-4104.json"

Debian:13 / django-tastypie

Package

Name
django-tastypie
Purl
pkg:deb/debian/django-tastypie?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.9.10-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-4104.json"

Debian:14 / django-tastypie

Package

Name
django-tastypie
Purl
pkg:deb/debian/django-tastypie?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.9.10-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-4104.json"