Index: security/vuxml/vuln.xml =================================================================== --- security/vuxml/vuln.xml (revision 499741) +++ security/vuxml/vuln.xml (working copy) @@ -58,6 +58,37 @@ * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> + + py-yaml -- arbitrary code execution + + + py27-yaml + py35-yaml + py36-yaml + py37-yaml + 4.1 + + + + +

pyyaml reports:

+
+

the PyYAML.load function could be easily exploited to call any Python + function. That means it could call any system command using os.system()

+
+ +
+ + CVE-2017-18342 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18342 + https://github.com/yaml/pyyaml/pull/74 + + + 2018-06-27 + 2019-04-23 + +
+ FreeBSD -- EAP-pwd message reassembly issue with unexpected fragment
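Review bot: In the package list of the new py-yaml entry, the four names py27-yaml, py35-yaml, py36-yaml and py37-yaml are enumerated by hand against the single bound 4.1. The context comment at the top of the hunk says "Do not forget port variants", and an unlisted name would never be matched by this entry, so please confirm no other flavor or variant of the port can be installed. In the dates block, discovery is given as 2018-06-27 while the reference is CVE-2017-18342. It would help to say which event that date records (the linked pull request 74 or the CVE assignment), so the gap to the 2019-04-23 entry date is explained. The quoted description names os.system() as the impact but does not say what changes at 4.1. One more quoted sentence from the upstream report stating the fix would let readers of the entry judge whether upgrading alone is sufficient.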