
CVSS: 7.5 • EPSS: 1% • CPEs: 1 • EXPL: 0

emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method.

• http://www.debian.org/security/2011/dsa-2344
• http://www.openwall.com/lists/oss-security/2011/11/01/10
• https://bitbucket.org/jespern/django-piston/commits/91bdaec89543
• https://bugzilla.redhat.com/show_bug.cgi?id=750658
• https://www.djangoproject.com/weblog/2011/nov/01/piston-and-tastypie-security-releases

• CWE-20: Improper Input Validation