cbcvebase.
CVE-2020-14343
published 2021-02-09

Priority: P258 | critical | CVSS 3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 5.98% (92.4th percentile)

A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747.

Affected

16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | pyyaml | < pyyaml 5.3.1-4 (bookworm) | pyyaml 5.3.1-4 (bookworm) |
| docling-project | docling-core | | |
| docling-project | docling-core | >= 2.21.0 < 2.48.4 | 2.48.4 |
| docling | docling-core | >= 2.21.0 < 2.48.4 | 2.48.4 |
| msrc | cbl2_pyyaml_5.4.1-1_on_cbl_mariner_2.0 | | |
| msrc | cbl_mariner_2.0_arm | | |
| msrc | cbl_mariner_2.0_x64 | | |
| oracle | communications_cloud_native_core_network_function_cloud_native_environment | | |
| oracle | communications_cloud_native_core_network_function_cloud_native_environment | | |
| paloalto | pan-os | | |
| pyyaml | pyyaml | >= 0 < 5.3.1-4 | 5.3.1-4 |
| pyyaml | pyyaml | >= 0 < 5.3.1-4 | 5.3.1-4 |
| pyyaml | pyyaml | >= 0 < 5.3.1-4 | 5.3.1-4 |
| pyyaml | pyyaml | >= 0 < 5.3.1-4 | 5.3.1-4 |
| pyyaml | pyyaml | >= 0 < 5.4 | 5.4 |
| pyyaml | pyyaml | >= 5.1 < 5.4 | 5.4 |

Detection & IOCs (extracted from sources)

  • Detect exploitation attempts via the python/object/new YAML constructor in untrusted YAML input processed by PyYAML's FullLoader or full_load method
  • Flag use of PyYAML's full_load() method or FullLoader loader when processing untrusted input — these are the vulnerable code paths
  • Audit code for yaml.load() calls not using SafeLoader, or any use of yaml.full_load() / FullLoader on externally-supplied YAML data
  • Ansible Tower 3.7 uses PyYAML 3.12 but is NOT affected because load() is called with SafeLoader explicitly specified
  • Red Hat Quay 3.4+ is NOT affected because it uses safe_load, not full_load/FullLoader
  • Despite a CVSS score of 9.8, Red Hat rates impact as Moderate because PyYAML provides yaml.safe_load as the safe alternative for untrusted input
  • This vulnerability is an incomplete fix for CVE-2020-1747; environments patched only for CVE-2020-1747 remain vulnerable unless upgraded to PyYAML >= 5.4
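
The audit item above (yaml.load() calls not using SafeLoader, and any use of yaml.full_load() / FullLoader) can be checked statically. The following is an added example, not code from this page or from the PyYAML project: an AST scan that resolves yaml import aliases so json.load() and similar calls are ignored. The names audit_source and SAMPLE and the reason strings are chosen here, and the sample input is constructed.

```python
import ast

# Loaders that only build plain data types; any other loader is reported.
SAFE_LOADERS = {"SafeLoader", "CSafeLoader", "BaseLoader", "CBaseLoader"}
RISKY_CALLS = {"load", "load_all", "full_load", "full_load_all"}

# Constructed sample input (not taken from any real project).
SAMPLE = """\
import json
import yaml as y
from yaml import load, SafeLoader as SL
a = y.full_load(data)
b = y.load(data, Loader=y.FullLoader)
c = y.load(data, Loader=y.SafeLoader)
d = load(data, SL)
e = load(data)
f = json.load(fh)
"""

def audit_source(source):
    """Return sorted (line, reason) pairs for PyYAML calls that need review."""
    tree = ast.parse(source)
    modules, names = set(), {}  # aliases of the yaml module; local name -> yaml name
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            modules |= {a.asname or a.name for a in node.names if a.name == "yaml"}
        elif isinstance(node, ast.ImportFrom) and node.module == "yaml":
            names.update({a.asname or a.name: a.name for a in node.names})
    def resolve(expr):  # yaml.X or an imported alias -> PyYAML identifier X
        if isinstance(expr, ast.Attribute) and isinstance(expr.value, ast.Name):
            return expr.attr if expr.value.id in modules else None
        return names.get(expr.id) if isinstance(expr, ast.Name) else None
    findings = []
    for node in ast.walk(tree):
        func = resolve(node.func) if isinstance(node, ast.Call) else None
        if func not in RISKY_CALLS:
            continue
        # Loader arrives by keyword or as the second positional argument.
        loader = next((k.value for k in node.keywords if k.arg == "Loader"), None)
        if loader is None and len(node.args) > 1:
            loader = node.args[1]
        if func.startswith("full_"):
            findings.append((node.lineno, f"{func}() always uses FullLoader"))
        elif loader is None:
            findings.append((node.lineno, f"{func}() without an explicit Loader"))
        elif resolve(loader) not in SAFE_LOADERS:
            findings.append((node.lineno, f"{func}() with a loader that is not a safe loader"))
    return sorted(findings)

if __name__ == "__main__":
    print(audit_source(SAMPLE))
```

The scan reports call sites only; whether the YAML reaching each one is externally supplied still has to be judged per call site.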

CVSS provenance

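| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| ghsa | | 9.8 | CRITICAL | |
| osv | | 9.8 | CRITICAL | |
| vendor_debian | | 9.8 | CRITICAL | |
| vendor_msrc | | 9.8 | CRITICAL | |
| vendor_oracle | | 9.8 | CRITICAL | |
| vendor_redhat | | 9.8 | CRITICAL | |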