icon

We found results for “

CVE-2011-4104

Good to know:

icon

Date: October 26, 2014

The from_yaml method in serializers.py in Django Tastypie before 0.9.10 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method.

Language: Python

Severity Score

Severity Score

Weakness Type (CWE)

Input Validation

CWE-20

Top Fix

icon

Upgrade Version

Upgrade to version v0.9.10

Learn More

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us