Candidate: CVE-2020-1747
PublicDate: 2020-03-24 15:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1747
 https://github.com/yaml/pyyaml/pull/386
Description:
 A vulnerability was discovered in the PyYAML library in versions before
 5.3.1, where it is susceptible to arbitrary code execution when it
 processes untrusted YAML files through the full_load method or with the
 FullLoader loader. Applications that use the library to process untrusted
 input may be vulnerable to this flaw. An attacker could use this flaw to
 execute arbitrary code on the system by abusing the python/object/new
 constructor.
Ubuntu-Description:
Notes:
 mdeslaur> FullLoader was introduced in 5.1. FullLoader should not be used
 mdeslaur> on untrusted input, setting priority to low.
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953013
Priority: low
Discovered-by: Riccardo Schirone
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_pyyaml:
upstream_pyyaml: needs-triage
precise/esm_pyyaml: not-affected (code not present)
trusty_pyyaml: ignored (out of standard support)
trusty/esm_pyyaml: not-affected (code not present)
xenial_pyyaml: not-affected (code not present)
esm-infra/xenial_pyyaml: not-affected (code not present)
bionic_pyyaml: not-affected (code not present)
eoan_pyyaml: ignored (reached end-of-life)
focal_pyyaml: not-affected (5.3-2)
devel_pyyaml: not-affected (5.3-2)