CVE-2017-6920: PECL YAML parser unsafe object handling

August 6, 2018 (updated October 4, 2018)

PECL YAML parser does not handle PHP objects safely during certain operations within Drupal core. This can lead to remote code execution.

References

www.drupal.org/SA-CORE-2017-003

Detect and mitigate CVE-2017-6920 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →