This repository has been archived by the owner on May 14, 2024. It is now read-only.

PyYaml load function used in orator is subject to CVSS 9.8 risk #387

Open
djfurman opened this issue Dec 10, 2020 · 0 comments

@djfurman

PyYaml dependency on yaml.load() function is subject to CVE-2020-14343

This function is only used once in orator. Recommending that this be replaced with the safe load method.
Ref:

config = yaml.load(fd)

PR to follow.

djfurman added a commit to djfurman/orator that referenced this issue Dec 10, 2020