CVE-2020-1747
ADVISORY - githubSummary
A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor.
EPSS Score: 0.01681 (0.815)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Improper Input Validation
ADVISORY - github
Improper Input Validation
ADVISORY - gitlab
ADVISORY - redhat
Improper Input Validation
NIST
CREATED
UPDATED
ADVISORY IDCVE-2020-1747
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
9.8criticalGitHub
CREATED
UPDATED
ADVISORY IDGHSA-6757-jp84-gxfx
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
9.3criticalAlpine
CREATED
UPDATED
ADVISORY IDCVE-2020-1747
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Debian
CREATED
UPDATED
ADVISORY IDCVE-2020-1747
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Ubuntu
CREATED
UPDATED
ADVISORY IDCVE-2020-1747
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
9.8lowPypA
CREATED
UPDATED
ADVISORY ID
PYSEC-2020-96
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Alma
CREATED
UPDATED
ADVISORY IDALSA-2020:4641
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AmediumRed Hat
CREATED
UPDATED
ADVISORY IDCVE-2020-1747
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
9.8mediumRocky
CREATED
UPDATED
ADVISORY IDRLSA-2020:4641
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AlowOracle
CREATED
UPDATED
ADVISORY IDELSA-2020-4641
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-