CVE-2020-1747: Improper Input Validation
PyYAML is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor.
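The defensive side of the description above, as an added example (not code from PyYAML or from GitLab): a pre-parse check that flags python/* tags in incoming YAML for logging and alerting, and a loader wrapper that parses untrusted input with yaml.safe_load only, which refuses every python/* tag instead of dispatching to the python/object/new constructor the way full_load and FullLoader did. The sample YAML documents, the module path example_pkg.SomeClass, and the helper names find_python_tags and load_untrusted are constructed for this example; the code assumes PyYAML is importable as yaml and degrades to a labelled "not installed" result if it is not.

```python
"""Defensive handling of untrusted YAML with PyYAML (CVE-2020-1747).

Added example, not PyYAML's or GitLab's own code. Assumes PyYAML is
importable as `yaml`; the tag scanner is pure standard library and works
without it.
"""
import re

# Tag forms that route a node into PyYAML's python/* constructors:
# `!!python/...` is the shorthand, `!<tag:yaml.org,2002:python/...>` the
# verbatim form of the same tag.
PYTHON_TAG_RE = re.compile(r"!!python/|!<tag:yaml\.org,2002:python/")

# Constructed sample: an otherwise harmless mapping carrying a
# python/object/new tag. example_pkg.SomeClass is a placeholder path.
TAGGED_DOC = """\
# constructed sample: a python/object/new tag on a config value
name: demo
handler: !!python/object/new:example_pkg.SomeClass []
"""

# Constructed sample: plain data, no tags at all.
CLEAN_DOC = """\
# constructed sample: plain mapping, no tags
name: demo
retries: 3
"""


def find_python_tags(text):
    """Return (line_number, stripped_line) for each line with a python/* tag.

    This is a telemetry aid for logging and alerting on suspicious input.
    It is not the security boundary: YAML tag URIs may contain %xx escapes,
    which PyYAML decodes, so plain string matching can be evaded. The
    loader choice in load_untrusted() is the actual control.
    """
    hits = []
    for number, line in enumerate(text.splitlines(), 1):
        if PYTHON_TAG_RE.search(line):
            hits.append((number, line.strip()))
    return hits


def load_untrusted(text):
    """Parse untrusted YAML with SafeLoader only.

    Returns (ok, value). On rejection `value` is a short reason string.
    yaml.safe_load() builds only standard YAML types (str, int, float, bool,
    None, list, dict, ...) and raises ConstructorError for any python/* tag.
    The calls this advisory concerns, yaml.full_load(text) and
    yaml.load(text, Loader=yaml.FullLoader), must not be used on untrusted
    input; replace them with safe_load as done here.
    """
    try:
        import yaml
    except ImportError:  # labelled fallback so the helper degrades cleanly
        return False, "PyYAML not installed"
    try:
        return True, yaml.safe_load(text)
    except yaml.YAMLError as exc:  # ConstructorError, ScannerError, ...
        return False, f"rejected: {type(exc).__name__}"


if __name__ == "__main__":
    for label, doc in (("tagged", TAGGED_DOC), ("clean", CLEAN_DOC)):
        print(label, "python tags:", find_python_tags(doc))
        print(label, "safe_load:", load_untrusted(doc))
```

In a service that accepts YAML from users, the scanner's hits belong in the request log or a detection rule, while load_untrusted() is the call that replaces every full_load or FullLoader use; applying a fixed PyYAML release closes the python/object/new hole in FullLoader itself, but untrusted input should still go through safe_load regardless of version.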
Detect and mitigate CVE-2020-1747 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning.