Update controller.py
It is reported that in PyYAML before 4.1, usage of yaml.load() function on untrusted input could lead to arbitrary code execution. It is therefore recommended to use yaml.safe_load() instead. With 4.1, yaml.load() has been changed to call safe_load().

* Report:          http://seclists.org/oss-sec/2018/q2/240
* Upstream change: yaml/pyyaml#74
* CVE:             pending

--

Gentoo Security Scout
Vladimir Krstulja
cz-themax authored and zzkW35 committed Jan 18, 2021
1 parent 40c890c commit 517538b
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion amdgpu_fan/controller.py
Expand Up @@ -41,7 +41,7 @@ def main(self):
def load_config(path):
logger.debug(f'loading config from {path}')
with open(path) as f:
return yaml.load(f)
return yaml.safe_load(f)


def main():
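
Review bot: In load_config, the new `return yaml.safe_load(f)` line hands the parsed result straight to the caller with no error handling or type check. safe_load returns None for an empty file, and it raises yaml.YAMLError on malformed input or on Python-specific tags that the old yaml.load(f) call would have constructed, so an existing config that relied on such tags now fails at this line with a bare traceback. Consider catching yaml.YAMLError here and logging the path, and rejecting a result that is not a mapping, so that a bad config produces a clear message. Separately, the commit title "Update controller.py" does not say what changed; a title that names the switch to safe_load would make this security fix findable in the history.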