Package: pyyaml
Severity: grave
Tags: security

Hi,
CVE-2014-9130 from libyaml also affects pyyaml. I'm attaching a short
reproducer.

Cheers,
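        Moritz

import yaml
import codecs

class Holder(object):
    pass

holder = Holder()

# Parsing the attached file with yaml.load() is the step under test;
# the loop below only runs if the document parses.
with codecs.open('CVE-2014-9130.yaml', 'r') as stream:
    foo = yaml.load(stream)
    for key, value in foo.items():
        setattr(holder, key, value)
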
abc: 
   def: 'xxx
'  ghi: 'yyy'
_______________________________________________
Python-modules-team mailing list
Python-modules-team@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/python-modules-team
