Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remediate High pyyaml vulnerability #2727

Open
Lilalamar opened this issue Apr 30, 2020 · 0 comments
Open

Remediate High pyyaml vulnerability #2727

Lilalamar opened this issue Apr 30, 2020 · 0 comments
Assignees
@xbrianh
Labels
Security

Comments

@Lilalamar
Copy link

Snyk reports the following High severity vulnerability in HumanCellAtlas/data-store. Please remediate by the end of Q2 Milestone 2.

Description
pyyaml

Suggested Remediation
Upgrade pyyaml to version 5.3.1 or higher.

Details
pyyaml is a YAML parser and emitter for Python. Affected versions of this package are vulnerable to Arbitrary Code Execution. It is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@xbrianh xbrianh

Labels
Security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@xbrianh @Lilalamar