#55 modulemd.load(s)_all is unsafe
Closed: Fixed 7 years ago Opened 7 years ago by puiterwijk.

The loads_all function in modulemd/__init__.py is using yaml.load_all, which is really insecure (it allows for random code execution).
This should probably be replaced with the yaml.safe_load_all call.


Metadata Update from @psabata:
- Issue assigned to psabata

7 years ago

This has been assigned CVE-2017-1002157.

Fixed in 1.3.2. Fedora updates will be issued shortly.

Metadata Update from @psabata:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

7 years ago

Metadata Update from @puiterwijk:
- Issue private status set to: False (was: True)

6 years ago
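
The change requested in this ticket, as an added example (not code from the modulemd project): PyYAML's `yaml.safe_load_all` builds only plain YAML types and rejects Python-specific tags. The wrapper name `load_documents` and both sample streams are constructed for illustration.

```python
import yaml

# Constructed sample: two plain documents shaped like module metadata.
PLAIN_STREAM = """\
---
document: modulemd
version: 1
data:
  name: example
---
document: modulemd
version: 1
data:
  name: other
"""

# Constructed sample: the second document carries a Python-specific tag that
# the full loader would resolve to a callable. The callable named is benign.
TAGGED_STREAM = """\
---
document: modulemd
version: 1
data:
  name: example
---
data: !!python/object/apply:os.getcwd []
"""

def load_documents(stream):
    """Hypothetical wrapper: parse every document with the safe loader."""
    try:
        # safe_load_all is lazy, so drain it inside the try block; a single
        # rejected document then discards the whole stream, not just itself.
        docs = list(yaml.safe_load_all(stream))
    except yaml.YAMLError as exc:
        raise ValueError("rejected untrusted YAML: %s" % type(exc).__name__)
    for doc in docs:
        if not isinstance(doc, dict):
            raise ValueError("each document must be a mapping")
    return docs

def is_rejected(stream):
    """Return True when load_documents refuses the stream."""
    try:
        load_documents(stream)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    print(len(load_documents(PLAIN_STREAM)), is_rejected(TAGGED_STREAM))
```

Because the generator is lazy, a caller that iterates `safe_load_all` directly would process the first document before the tagged one raises.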
