UBUNTU-CVE-2017-18342
- Source
- https://ubuntu.com/security/CVE-2017-18342
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-18342.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2017-18342
- Related
- Published
- 2018-06-27T12:29:00Z
- Modified
- 2018-06-27T12:29:00Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function.
- References
Affected packages
Ubuntu:Pro:14.04:LTS / pyyaml
Package
- Name
- pyyaml
- Purl
- pkg:deb/ubuntu/pyyaml?arch=src?distro=trusty/esm
Ubuntu:Pro:16.04:LTS / pyyaml
Package
- Name
- pyyaml
- Purl
- pkg:deb/ubuntu/pyyaml?arch=src?distro=esm-infra/xenial
Ubuntu:Pro:18.04:LTS / pyyaml
Package
- Name
- pyyaml
- Purl
- pkg:deb/ubuntu/pyyaml?arch=src?distro=esm-infra/bionic
Ubuntu:20.04:LTS / pyyaml
Package
- Name
- pyyaml
- Purl
- pkg:deb/ubuntu/pyyaml?arch=src?distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.1.2-1
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "low",
"binaries": [
{
"binary_version": "5.1.2-1",
"binary_name": "python-yaml"
},
{
"binary_version": "5.1.2-1",
"binary_name": "python-yaml-dbg"
},
{
"binary_version": "5.1.2-1",
"binary_name": "python3-yaml"
},
{
"binary_version": "5.1.2-1",
"binary_name": "python3-yaml-dbg"
}
]
}