View Issue Details

ID: 0017590
Project: CentOS-8
Category: PyYAML
View Status: public
Last Update: 2020-07-14 00:06
Reporter: tylarb
Priority: high
Severity: major
Reproducibility: always
Status: new
Resolution: open
Product Version: 8.2.2004
Target Version:
Fixed in Version:
Summary: 0017590: PyYAML shipped in CentOS 8 is susceptible to CVE-2017-18342
Description: The version of PyYAML shipped with CentOS 8 is based off of PyYAML 3.12, and is susceptible to CVE-2017-18342.

https://nvd.nist.gov/vuln/detail/CVE-2017-18342

I expected that the patch marking yaml.load deprecated would be applied here.
See here for details:
https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation
Steps To Reproduce: yum install python3-pyyaml

[root@5437a2df8784 /]# python3
Python 3.6.8 (default, Nov 21 2019, 19:31:34)
[GCC 8.3.1 20190507 (Red Hat 8.3.1-4)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import yaml
>>> print(yaml.__version__)
3.12
>>> yaml.load("!!python/object/new:os.system [echo EXPLOIT!]")
EXPLOIT!
0
Additional Information: It looks like the CVE has been fixed in Fedora, as noted in this bugzilla:

https://bugzilla.redhat.com/show_bug.cgi?id=1595744
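As an added defender-side check that is not part of this bug report or of PyYAML itself, the script below uses Python's standard ast module to find yaml.load / yaml.load_all calls that omit the Loader argument (which on PyYAML 3.12 selects the full constructor set shown in the reproduction above) or pass a loader outside a safe allowlist, the same pattern the linked deprecation targets; the SAMPLE source it scans is constructed for illustration.

```python
import ast
from typing import List, Optional, Tuple

# PyYAML entry points whose Loader argument decides which tags get constructed.
LOAD_FUNCS = {"load", "load_all"}
# Loaders that never construct python/* tags; anything else is flagged.
SAFE_LOADERS = {"SafeLoader", "CSafeLoader", "BaseLoader", "CBaseLoader"}


def _loader_name(call: ast.Call) -> Optional[str]:
    """Name of the Loader passed (keyword or 2nd positional), else None."""
    arg = next((kw.value for kw in call.keywords if kw.arg == "Loader"), None)
    if arg is None and len(call.args) >= 2:
        arg = call.args[1]
    if arg is None:
        return None
    if isinstance(arg, ast.Attribute):   # yaml.SafeLoader
        return arg.attr
    if isinstance(arg, ast.Name):        # SafeLoader (imported name)
        return arg.id
    return "<dynamic>"                   # computed loader: treat as unsafe


def find_unsafe_yaml_loads(source: str) -> List[Tuple[int, str]]:
    """(line, reason) for each yaml.load/load_all call without Loader or with a
    loader outside SAFE_LOADERS. Only the 'yaml.xxx' spelling is matched."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        f = node.func
        if not (isinstance(f, ast.Attribute) and f.attr in LOAD_FUNCS
                and isinstance(f.value, ast.Name) and f.value.id == "yaml"):
            continue
        loader = _loader_name(node)
        if loader is None:
            findings.append((node.lineno, f"yaml.{f.attr} called without Loader"))
        elif loader not in SAFE_LOADERS:
            findings.append((node.lineno, f"yaml.{f.attr} with non-safe Loader={loader}"))
    return sorted(findings)


# Constructed sample source, not taken from any real project.
SAMPLE = """\
import yaml
cfg = yaml.load(open("app.yml"))                  # line 2: no Loader
cfg = yaml.load(text, Loader=yaml.FullLoader)     # line 3: not in allowlist
cfg = yaml.load(text, Loader=yaml.SafeLoader)     # line 4: fine
cfg = yaml.safe_load(text)                        # line 5: fine
docs = yaml.load_all(stream, yaml.UnsafeLoader)   # line 6: positional unsafe loader
"""
```

Running find_unsafe_yaml_loads(SAMPLE) reports lines 2, 3 and 6; point it at each .py file in a tree to locate the call sites that should become yaml.safe_load or Loader=yaml.SafeLoader.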
Tags: security

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2020-07-14 00:06 tylarb New Issue
2020-07-14 00:06 tylarb Tag Attached: security