Skip to content

Remediate High pyyaml vulnerability #2727

New issue
New issue
Open
Open
Remediate High pyyaml vulnerability#2727
Assignees
xbrianh
Labels
Security
@Lilalamar

Description

@Lilalamar
Lilalamar
opened on Apr 30, 2020

Snyk reports the following High severity vulnerability in HumanCellAtlas/data-store. Please remediate by the end of Q2 Milestone 2.

Description
pyyaml

Suggested Remediation
Upgrade pyyaml to version 5.3.1 or higher.

Details
pyyaml is a YAML parser and emitter for Python. Affected versions of this package are vulnerable to Arbitrary Code Execution. It is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor.

Activity

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

Labels

Security

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions