VDB
CVE-2017-18342
CVE-2017-18342
PUBLISHED
In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function.
EPSS 4.81% · 89.7th percentile
Risk Scores
EPSS Score
4.81%
89.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | pyyaml | 3.11-3, 3.11-3build1, 0 |
| Ubuntu:18.04:LTS | pyyaml | 3.12-1build2, 0 |
| Ubuntu:14.04:LTS | pyyaml | 3.10-4build3, 3.10-4build4, 3.10-4ubuntu0.1 |
Exploit Intelligence
- CIRCL seen: CVE-2017-18342 (circl-sighting)
- CIRCL seen: CVE-2017-18342 (circl-sighting)
- https://github.com/yaml/pyyaml/pull/74 (circl)
- https://github.com/yaml/pyyaml/blob/master/CHANGES (circl)
- FEDORA-2019-bed9afe622 (circl)
- FEDORA-2019-779a9db46a (circl)
- FEDORA-2019-44643e8bcb (circl)
- https://github.com/marshmallow-code/apispec/issues/278 (circl)
- https://github.com/yaml/pyyaml/issues/193 (circl)
- https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load%28input%29-Deprecation (circl)
…and 23 more exploits
Timeline
- Jun 27, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 13, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-18342 third-party-advisory
- https://github.com/yaml/pyyaml/pull/74 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-18342 third-party-advisory