Skip to content

pyyaml vulnerability #52

Description

@johnbradley

https://nvd.nist.gov/vuln/detail/CVE-2017-18342

Details: yaml/pyyaml#243 (comment)

The suggested version 4.1 is a prerelease so not a good option currently.

According to the details link above using yaml.safe_load instead of yaml.load fixes this issue.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions