
CVE-2019-20477
- Reference to the description:
- Description: PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342.
- Last updated date: 01/01/2022
- Type: exploit
- Confidence: HIGH
- Date of publishing: 05/28/2020
- Reference url to background