#55 modulemd.load(s)_all is unsafe
Closed: Fixed a year ago Opened a year ago by puiterwijk.

The loads_all function in modulemd/__init__.py is using yaml.load_all, which is really insecure (it allows for random code execution).
This should probably be replaced with the yaml.safe_load_all call.
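
An added example (not from this ticket or the modulemd code base) of the change suggested above: a `loads_all`-style helper built on `yaml.safe_load_all`, which refuses Python-specific tags instead of constructing objects from them. The helper names and both sample streams are assumptions constructed for illustration.

```python
import yaml

# Constructed sample: two YAML documents in one stream, shaped loosely like
# module metadata. Field names are illustrative, not the modulemd schema.
BENIGN_STREAM = """\
---
document: modulemd
version: 1
data:
  name: example
---
document: modulemd
version: 1
data:
  name: other
"""

# Constructed sample: a document carrying a Python-specific tag. The tag only
# names a harmless builtin; what matters is that the loader is being asked to
# resolve a Python object at all.
TAGGED_STREAM = """\
---
document: modulemd
data:
  name: !!python/name:builtins.len
"""


def loads_all_safe(text):
    """Parse every document in `text` with the restricted SafeLoader.

    Hypothetical helper. Returns a list of plain dict/list/str/int values and
    raises ValueError if a document uses a tag SafeLoader does not know.
    """
    try:
        # safe_load_all is lazy; list() forces parsing inside the try block.
        return list(yaml.safe_load_all(text))
    except yaml.constructor.ConstructorError as exc:
        raise ValueError(f"rejected untrusted YAML tag: {exc.problem}") from exc


def is_rejected(text):
    """True when the safe loader refuses the stream (hypothetical helper)."""
    try:
        loads_all_safe(text)
    except ValueError:
        return True
    return False
```

Because `safe_load_all` returns a generator, a caller that iterates it outside a `try` block will see the `ConstructorError` at iteration time rather than at the call.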

Metadata Update from @psabata:
- Issue assigned to psabata

a year ago

This has been assigned CVE-2017-1002157.

Fixed in 1.3.2. Fedora updates will be issued shortly.

Metadata Update from @psabata:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

a year ago

Metadata Update from @puiterwijk:
- Issue private status set to: False (was: True)

2 months ago
