VDB
ALPINE-CVE-2020-14343
ALPINE-CVE-2020-14343
PUBLISHED
CVSS 9.800000190734863 CRITICAL
A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747.
Risk Scores
CVSS v3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.12 | py3-yaml | 5.3-r0, 0, 3.11-r0 |
| Alpine:v3.13 | py3-yaml | 5.3.1-r1, 3.11-r0, 5.3.1-r1 |
| Alpine:v3.11 | py3-yaml | 0, 5.3.1-r0, 5.2-r0 |
| Alpine:v3.21 | py3-yaml | 0, 5.1.1-r0, 5.1-r0 |
| Alpine:v3.15 | py3-yaml | 5.1.2-r0, 0, 3.10-r0 |
| Alpine:v3.16 | py3-yaml | 5.2-r0, 0, 3.10-r1 |
| Alpine:v3.17 | py3-yaml | 5.3-r0, 5.1.1-r0, 5.1.2-r0 |
| Alpine:v3.18 | py3-yaml | 0, 3.12-r0, 5.3.1-r1 |
| Alpine:v3.23 | py3-yaml | 5.2-r0, 5.1.1-r0, 5.1-r0 |
| Alpine:v3.22 | py3-yaml | 4.1-r0, 3.10-r0, 3.10-r1 |
| Alpine:v3.20 | py3-yaml | 5.1.1-r0, 5.1-r0, 5.1.1-r0 |
| Alpine:v3.19 | py3-yaml | 4.1-r0, 5.2-r0, 5.1.2-r2 |
| Alpine:v3.14 | py3-yaml | 5.3-r0, 5.3.1-r1, 5.3.1-r0 |
Timeline
- Feb 9, 2021 CVE Published
- Dec 3, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch