Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-5y6u-xqht-n3ft

Summary PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342.

Aliases

alias	PYSEC-2020-195

Fixed_packages

url pkg:pypi/pyyaml@5.2b1

purl pkg:pypi/pyyaml@5.2b1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wh2-rac2-53ax

vulnerability	VCID-hrtt-vfbb-87bf

vulnerability	VCID-tk2n-xsk7-aqb9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyyaml@5.2b1

Affected_packages

url pkg:pypi/pyyaml@5.1

purl pkg:pypi/pyyaml@5.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wh2-rac2-53ax

vulnerability	VCID-5y6u-xqht-n3ft

vulnerability	VCID-hrtt-vfbb-87bf

vulnerability	VCID-tk2n-xsk7-aqb9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyyaml@5.1

url pkg:pypi/pyyaml@5.1.1

purl pkg:pypi/pyyaml@5.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wh2-rac2-53ax

vulnerability	VCID-5y6u-xqht-n3ft

vulnerability	VCID-hrtt-vfbb-87bf

vulnerability	VCID-tk2n-xsk7-aqb9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyyaml@5.1.1

url pkg:pypi/pyyaml@5.1.2

purl pkg:pypi/pyyaml@5.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wh2-rac2-53ax

vulnerability	VCID-5y6u-xqht-n3ft

vulnerability	VCID-hrtt-vfbb-87bf

vulnerability	VCID-tk2n-xsk7-aqb9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyyaml@5.1.2

References

reference_url	https://github.com/yaml/pyyaml/blob/master/CHANGES
reference_id
reference_type
scores
url	https://github.com/yaml/pyyaml/blob/master/CHANGES

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33VBUY73AA6CTTYL3LRWHNFDULV7PFPN/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33VBUY73AA6CTTYL3LRWHNFDULV7PFPN/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/52N5XS73Z5S4ZN7I7R56ICCPCTKCUV4H/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/52N5XS73Z5S4ZN7I7R56ICCPCTKCUV4H/

reference_url	https://www.exploit-db.com/download/47655
reference_id
reference_type
scores
url	https://www.exploit-db.com/download/47655

Weaknesses

Exploits

Severity_range_score null

Exploitability 0.5

Weighted_severity 0.0

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5y6u-xqht-n3ft

Vulnerability Instance