emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method.
References
Configurations
History
21 Nov 2024, 01:31
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.debian.org/security/2011/dsa-2344 - | |
References | () http://www.openwall.com/lists/oss-security/2011/11/01/10 - | |
References | () https://bitbucket.org/jespern/django-piston/commits/91bdaec89543/ - Patch | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=750658 - | |
References | () https://www.djangoproject.com/weblog/2011/nov/01/piston-and-tastypie-security-releases/ - Vendor Advisory |
Information
Published : 2014-10-27 01:55
Updated : 2024-11-21 01:31
NVD link : CVE-2011-4103
Mitre link : CVE-2011-4103
CVE.ORG link : CVE-2011-4103
JSON object : View
Products Affected
djangoproject
- piston
CWE
CWE-20
Improper Input Validation