Package: pyyaml
Severity: grave
Tags: security

Hi,
CVE-2014-9130 from libyaml also affects pyyaml. I'm attaching a short reproducer.

Cheers,
Moritz
import yaml
import codecs

with codecs.open('CVE-2014-9130.yaml', 'r') as stream:
    foo = yaml.load(stream)
    for key, value in foo.items():
        setattr(self, key, value)
abc: def: 'xxx ' ghi: 'yyy'

