Improper input validation in Red Hat Pyyaml
CVE-2020-1747
A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applicati…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.018 (83.4th percentile)
CVSS v3 metric
CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Red Hat Pyyaml — versions before 5.3.1
Weakness classification (CWE)
Public proof-of-concept exploits
References
- FEDORA-2020-40c35d7b37 (vendor-advisory, x_refsource_FEDORA)
- FEDORA-2020-bdb0bfa928 (vendor-advisory, x_refsource_FEDORA)
- FEDORA-2020-e9741a6a15 (vendor-advisory, x_refsource_FEDORA)
- openSUSE-SU-2020:0507 (vendor-advisory, x_refsource_SUSE)
- openSUSE-SU-2020:0630 (vendor-advisory, x_refsource_SUSE)
- FEDORA-2021-3342569a0f (vendor-advisory, x_refsource_FEDORA)
- FEDORA-2021-eed7193502 (vendor-advisory, x_refsource_FEDORA)
- www.oracle.com/security-alerts/cpujul2022.html (x_refsource_MISC)
- bugzilla.redhat.com/show_bug.cgi (x_refsource_CONFIRM)
- github.com/yaml/pyyaml/pull/386 (x_refsource_MISC)
Frequently asked questions
- What is CVE-2020-1747?
- CVE-2020-1747 is a critical-severity vulnerability in Red Hat Pyyaml, classified under Improper Input Validation. CVSS score: 9.8/10. Published 2020-03-24.
- How severe is CVE-2020-1747?
- Critical severity. CVSS v3 base score is 9.8 out of 10.
- Is CVE-2020-1747 known to be exploited?
- 13 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.