What is CVE-2020-14343?

CVE-2020-14343 is a vulnerability in Pyyaml, classified under Improper Input Validation. Published 2021-02-09.

Is CVE-2020-14343 known to be exploited?

24 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Pyyaml

CVE-2020-14343

A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Application…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.137 (94.4th percentile) — read the EPSS interpretation.

Affected products

N/a Pyyaml — versions PyYAML 5.4

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

j4k0m/loader-CVE-2020-14343
sijie52/yasa-cve-2020-14343
Kairo-one/CVE-2020-14343-PyYAML
GoranP/dvpwa
HotDB-Community/HotDB-Engine
Live-Hack-CVE/CVE-2020-14343
SugarP1g/LearningSecurity
andsopwn/LXC-Threat-API-Mapping
anotherik/Config-Portal
aryanxsh/example-vulnerable-repo

References

github.com/yaml/pyyaml/issues/420
bugzilla.redhat.com/show_bug.cgi
www.oracle.com/security-alerts/cpuapr2022.html
www.oracle.com/security-alerts/cpujul2022.html
github.com/SeldonIO/seldon-core/issues/2252

Frequently asked questions

What is CVE-2020-14343?: CVE-2020-14343 is a vulnerability in Pyyaml, classified under Improper Input Validation. Published 2021-02-09.
Is CVE-2020-14343 known to be exploited?: 24 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.