Unsafe use of yaml.load
Piston uses the yaml.load method, which is unsafe. In certain circumstances this could be used to allow remote execution of arbitrary code.
Advisories for Pypi/Django-Piston package
2014
Piston uses the yaml.load method, which is unsafe. In certain circumstances this could be used to allow remote execution of arbitrary code.