PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| pyyaml(PyPI) | 5.1 | 5.2 | N/A |
CVSS Metrics
