Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
It is reported that in PyYAML before 4.1, usage of yaml.load() function on untrusted input could lead to arbitrary code execution. It is therefore recommended to use yaml.safe_load() instead. With 4.1, yaml.load() has been changed to call safe_load(). * Report: http://seclists.org/oss-sec/2018/q2/240 * Upstream change: yaml/pyyaml#74 * CVE: pending -- Gentoo Security Scout Vladimir Krstulja
- Loading branch information