Use safe_load() instead of insecure load() #26

leopoldjuergen · 2019-08-20T15:11:49Z

Replace yaml.load() by yaml.safe_load(). In PyYAML before 5.1,
the yaml.load() API could execute arbitrary code
if used with untrusted data (CVE-2017-18342).

Signed-off-by: Juergen Leopold leopoldj@de.ibm.com

Replace yaml.load() by yaml.safe_load(). In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data (CVE-2017-18342). Signed-off-by: Juergen Leopold <leopoldj@de.ibm.com>

coveralls · 2019-08-20T15:16:56Z

Coverage remained the same at 72.124% when pulling 6ff498a on juergen/CVE_2017_18342 into 8e78cc6 on master.

Use safe_load() instead of insecure load()

6ff498a

Replace yaml.load() by yaml.safe_load(). In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data (CVE-2017-18342). Signed-off-by: Juergen Leopold <leopoldj@de.ibm.com>

leopoldjuergen merged commit 2d924b0 into master Aug 20, 2019

leopoldjuergen deleted the juergen/CVE_2017_18342 branch August 20, 2019 15:17

andy-maier added this to the 0.4.0 milestone Nov 23, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Use safe_load() instead of insecure load() #26

Use safe_load() instead of insecure load() #26

leopoldjuergen commented Aug 20, 2019

coveralls commented Aug 20, 2019

Use safe_load() instead of insecure load() #26

Use safe_load() instead of insecure load() #26

Conversation

leopoldjuergen commented Aug 20, 2019

coveralls commented Aug 20, 2019