CVE-2017-18342
https://notcve.org/view.php?id=CVE-2017-18342
In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function.

https://github.com/marshmallow-code/apispec/issues/278
https://github.com/yaml/pyyaml/blob/master/CHANGES
https://github.com/yaml/pyyaml/issues/193
https://github.com/yaml/pyyaml/pull/74
https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load%28input%29-Deprecation
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JEX7IPV5P2QJITAMA5Z63GQCZA5I6NVZ
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSQQMRUQSXBSUXLCRD3TSZYQ7SEZRKCE
http

CWE-502: Deserialization of Untrusted Data
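An audit check for the call pattern this record describes, added here as an example and not taken from the PyYAML project or from this record: it parses Python source with the standard ast module and reports yaml.load() calls that pass no Loader or an unsafe one. The function name and the sample source are constructed for illustration; yaml.unsafe_load, yaml.Loader and yaml.SafeLoader are PyYAML names that do not appear in the record text.

```python
import ast

# Loader names that keep arbitrary object construction enabled.
UNSAFE_LOADERS = {"Loader", "UnsafeLoader"}

# Constructed sample source to scan (only parsed, never executed).
SAMPLE = '''
import yaml
a = yaml.load(request_body)
b = yaml.load(request_body, Loader=yaml.UnsafeLoader)
c = yaml.load(request_body, Loader=yaml.SafeLoader)
d = yaml.safe_load(request_body)
e = yaml.unsafe_load(request_body)
'''

def _name(node):
    """Return the trailing identifier of a Name or Attribute node, else None."""
    if isinstance(node, ast.Attribute):
        return node.attr
    if isinstance(node, ast.Name):
        return node.id
    return None

def find_unsafe_yaml_loads(source, module_alias="yaml"):
    """Return sorted (line, reason) pairs for risky PyYAML load calls in source."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        func = node.func
        if not (isinstance(func.value, ast.Name) and func.value.id == module_alias):
            continue
        if func.attr == "unsafe_load":
            findings.append((node.lineno, "unsafe_load"))
        elif func.attr == "load":
            # Loader may be passed by keyword or as the second positional argument.
            loader = next((k.value for k in node.keywords if k.arg == "Loader"), None)
            if loader is None and len(node.args) > 1:
                loader = node.args[1]
            if loader is None:
                findings.append((node.lineno, "no Loader"))
            elif _name(loader) in UNSAFE_LOADERS:
                findings.append((node.lineno, _name(loader)))
    return sorted(findings)

if __name__ == "__main__":
    for line, reason in find_unsafe_yaml_loads(SAMPLE):
        print(f"line {line}: yaml load with {reason}")
```

The check only follows calls made through the module name (or the alias passed as module_alias); code that uses `from yaml import load` needs a separate pass.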