CVE-2011-4104
Summary
| CVE | CVE-2011-4104 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-10-27 01:55:00 UTC |
| Updated | 2023-11-07 02:09:00 UTC |
| Description | The from_yaml method in serializers.py in Django Tastypie before 0.9.10 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| oss-security - Re: CVE request for Django-piston and Tastypie | MLIST | www.openwall.com | Patch |
| Safer loading of YAML. Thanks to daveyss for the report! · django-tastypie/django-tastypie@e8af315 · GitHub | CONFIRM | github.com | Patch |
| Django \| Weblog \| Piston and Tastypie security releases issued | MISC | www.djangoproject.com | Vendor Advisory |
| Google Groups | CONFIRM | groups.google.com | |
| oss-security - Re: Re: CVE request for Django-piston and Tastypie | MLIST | www.openwall.com | |
| Google Groups | | groups.google.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 996737 Python (Pip) Security Update for django-tastypie (GHSA-qgvw-qc2q-gv5q)