Back to bug 1808088
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Guilherme de Almeida Suckevicz | 2020-02-27 19:07:31 UTC | Depends On | 1808090, 1808089, 1808091 | |
| Guilherme de Almeida Suckevicz | 2020-02-27 19:07:43 UTC | Blocks | 1808092 | |
| Jason Shepherd | 2020-02-28 05:15:53 UTC | Priority | high | medium |
| Doc Text | A vulnerability was discovered in the Ruamel Yaml library, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the load method. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/apply constructor. | |||
| Severity | high | medium | ||
| Summer Long | 2020-02-28 06:33:39 UTC | Depends On | 1808261, 1808262 | |
| Jason Shepherd | 2020-02-28 06:40:53 UTC | CC | aos-bugs, jlanford | |
| Jason Shepherd | 2020-02-28 06:43:49 UTC | Depends On | 1808273, 1808272, 1808269, 1808270 | |
| Jason Shepherd | 2020-02-28 06:52:42 UTC | Depends On | 1808275 | |
| Sam Fowler | 2020-03-03 08:16:33 UTC | Doc Text | A vulnerability was discovered in the Ruamel Yaml library, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the load method. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/apply constructor. | A vulnerability was discovered in the ruamel.yaml library, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the load() method. Applications that use ruamel.yaml to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/apply constructor. |
| Summary | CVE-2019-20478 python-ruamel-yaml: code execution through load method with an untrusted argument | CVE-2019-20478 python-ruamel-yaml: code execution through load() method with an untrusted argument | ||
| Fabian von Feilitzsch | 2020-03-04 04:21:39 UTC | CC | fabian | |
| Sam Fowler | 2020-03-26 02:58:30 UTC | CC | jcantril | |
| PnT Account Manager | 2020-07-10 21:41:04 UTC | CC | kbasil | |
| PnT Account Manager | 2020-09-10 21:20:13 UTC | CC | vbellur | |
| Jason Montleon | 2020-09-24 13:54:15 UTC | CC | jmontleo | |
| Red Hat Bugzilla | 2021-06-22 00:28:13 UTC | CC | dbecker | |
| Red Hat Bugzilla | 2021-07-01 12:32:10 UTC | CC | puebele | |
| Red Hat Bugzilla | 2022-01-08 05:29:54 UTC | CC | jokerman | |
| Red Hat Bugzilla | 2022-05-09 08:31:30 UTC | CC | aos-bugs | |
| Sam Fowler | 2022-08-02 07:24:40 UTC | CC | vkumar | |
| Red Hat Bugzilla | 2023-07-07 08:30:53 UTC | Assignee | security-response-team | nobody |
Back to bug 1808088