Merge pull request #3097 from pwnetrationguru/yaml-fix

[security] - Replace yaml.load() with yaml.safe_load() for security reasons.
boto · May 1, 2015 · 8b65a6c · 8b65a6c
2 parents 3c3302a + 8805eb9
commit 8b65a6c
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/boto/contrib/ymlmessage.py b/boto/contrib/ymlmessage.py
@@ -47,7 +47,7 @@ def __init__(self, queue=None, body='', xml_attrs=None):
         super(YAMLMessage, self).__init__(queue, body)
 
     def set_body(self, body):
-        self.data = yaml.load(body)
+        self.data = yaml.safe_load(body)
 
     def get_body(self):
         return yaml.dump(self.data)