CVE-2011-4103: Unsafe use of yaml.load
Piston uses the yaml.load method, which is unsafe. In certain circumstances this could be used to allow remote execution of arbitrary code.
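A defender-side check for the pattern this advisory describes, as an added example that is not code from Piston or from the advisory: it walks Python source with the standard-library ast module and reports yaml.load / yaml.load_all calls that do not name a safe loader. The function names and the sample source are constructed for illustration.

```python
import ast

# Loaders that only build plain data (str, int, list, dict, ...).
SAFE_LOADERS = {"SafeLoader", "CSafeLoader", "BaseLoader", "CBaseLoader"}

# Constructed sample source for the demo; not taken from Piston.
SAMPLE = '''import yaml
def from_request(body):
    return yaml.load(body)
def from_legacy(body):
    return yaml.load(body, Loader=yaml.Loader)
def from_config(text):
    return yaml.load(text, Loader=yaml.SafeLoader)
def from_upload(text):
    return yaml.safe_load(text)
'''

def _loader_name(call):
    """Name passed as Loader (keyword or second positional), else None."""
    node = call.args[1] if len(call.args) >= 2 else None
    for kw in call.keywords:
        if kw.arg == "Loader":
            node = kw.value
    if isinstance(node, ast.Attribute):
        return node.attr
    return node.id if isinstance(node, ast.Name) else None

def find_unsafe_yaml_load(source):
    """Return sorted (line, loader) pairs for yaml.load/load_all calls
    that do not name one of SAFE_LOADERS."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        func = node.func
        if func.attr not in ("load", "load_all"):
            continue
        if not (isinstance(func.value, ast.Name) and func.value.id == "yaml"):
            continue
        loader = _loader_name(node)
        if loader not in SAFE_LOADERS:
            findings.append((node.lineno, loader or "default/unresolved"))
    return sorted(findings)

if __name__ == "__main__":
    for line, loader in find_unsafe_yaml_load(SAMPLE):
        print(f"line {line}: yaml.load with {loader} loader; use yaml.safe_load")
```

The check only matches calls written as yaml.load(...) or yaml.load_all(...); aliased imports such as `import yaml as y` or `from yaml import load` need separate handling.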